One of the largest areas of regulatory growth since the financial crisis has been in the area of Non-Financial Regulatory Reporting (NFRR). NFRR is a broad term that generally refers to any required regulatory reports produced outside of the finance function. Reporting requirements vary widely across jurisdictions and can include anything from transaction reporting to sustainability efforts. Within the banking sector, these reports are often related to risk exposure and management, compliance, and reporting of transactions and trading positions. In general, NFRR requirements are becoming more detailed and granular in the data they call for, more frequent in their production, and precise in their requirements, presenting major difficulties for firms looking to minimize the cost and workload of reporting while remaining compliant. Three key challenges for firms going forward will be: coordinating NFRR efforts across the firm, establishing robust data governance, and managing reporting requirements that vary across time and jurisdictions. Fortunately, technology and organizational structure options exist that can help firms successfully mitigate these issues.
Current NFRR data and processes are often fragmented across the firm in various ways: lines of businesses, geographies, and business functions. Legacy technology leveraged into NFRR roles often reflects this same fragmented reality, with each separate team and system either requiring a handoff to another, or confirmation that data and reports match across divisions. Both requirements increase regulatory risk by opening the process up to reporting errors and inconsistencies. Likewise, reporting siloed by teams and systems frequently involves manual or ad-hoc processes, introducing further reporting risks. These manual efforts may be delegated to a single employee or a small group, introducing key-person dependencies that can seriously hinder reporting in the event of staff turnover.
This fragmentation has severe implications for NFRR data governance. The data that firms provide to regulators and other NFRR stakeholders must not only be accurate and timely, but it is becoming increasingly granular and precise as well. For example, the EU’s MiFID II transaction reporting rules penalize banks for supplying both too little data, and too much data, demanding a thorough understanding of the requirements and thoughtful implementation of reporting mechanisms. In addition to increasing specificity, regulators and industry best practices call for transparency and auditability of reporting data. If the firm cannot trace how the data flows across groups and systems, it may not be able to identify deficiencies in processes and controls, potentially opening itself up to regulatory fines and penalties.
Flexibility and Scalability are Vital to Success
To manage the complexities of the new regulatory reality, firms will need to work towards flexible, scalable, coordinated reporting platforms that enable a wide variety of data and reports to be produced in a consistent and timely manner. By centralizing reporting systems and processes where possible, firms can reduce the risks of coordination and handoffs, while also improving efficiency and data integrity. Fortunately, a wide variety of technologies currently exist that can aid them in doing so.
The growth in volume and complexity of non-financial reporting makes the area ripe for automation, and “RegTech” has been cited as one of the “top Fintech trends driving the next decade.”  Newly-emerging technology such as Distributed Ledger Technology (DLT), better known as blockchain, may one day entirely obviate the need for “reporting” altogether. DLT allows firms to share data directly with regulators in near real-time with minimal human involvement through an inalterable, fully auditable ledger of transactions. Currently a regulatory blockchain project is being piloted in the UK mortgage lending space.  Numerous firms worldwide are already taking advantage of other RegTech advances such as Robotic Process Automation (RPA) and Artificial Intelligence / Machine Learning (AI/ML). The repetitive and rule-based nature of many reporting processes such as data aggregation, report generation, and reconciliation makes these processes perfect candidates for automation, while AI/ML technologies can greatly aid functions such as identifying anomalies that may flag nefarious activity or informing human compliance experts to the details of relevant regulations.
Technological improvements are necessary for efficient and accurate compliance with NFRR requirements, but technology alone is not sufficient. Firms will also need to structure their reporting personnel for coordination and efficiency. A standardized and centralized NFRR delivery model (Fig. 1) should contain four separate, but coordinated layers: a central regulatory reporting relationship management team; local regulatory reporting teams; regional regulatory reporting centers of excellence; and a centralized cross-functional finance, risk technology and data team. The regulatory reporting relationship management team should coordinate contact with regulators in each jurisdiction to ensure strong relationships and understanding of regulatory requests, as well as manage regulatory expectations and provide pushback when appropriate. Local regulatory reporting teams’ focus should be on report production, ad-hoc regulatory requests and owning the infrastructure and requirements related to their specific area of reporting. These local teams should be supported by regional centers of excellence that manage production of reporting across legal entities and multiple lines of business and which provide common data sets and regulatory applications. Finally, a central cross-functional team with knowledge of finance, risk, technology and data should cover data governance, report specifications, building new reporting features and maintaining reporting infrastructure. These clearly-delineated areas of responsibility can help streamline and routinize reporting functions that may currently be scattered across large numbers of teams working independently of each other, improving data governance and reducing cost.
A key benefit of a flexible, centralized NFRR structure is strengthened data governance across the firm’s regulatory reporting functions. Centralized responsibility over data maintenance and lineage, along with increased use of common data sets not only reduces the risk of different units reporting different data, but it also makes tracing and auditing data quality simpler. This structure helps firms meet the three goals of effective data governance: Data Ownership, Data Quality, and Data Timeliness. Ownership requires clear accountability for owners of data, along with validation and upstream quality checks to ensure that data is traceable and reliable. Data Quality entails identifying common data sets and normalizing them to the most trusted source, as well as creating consistent data definitions. These steps combined can help ensure firms are operating off of a single source of truth. Finally, Data Timeliness allows firms to access the data they need, when they need it. To accomplish this, the firm must understand the frequency that various datasets are needed, ensure that risk data frequency is based on the priority of the risks being measured, and meet all internal and regulatory service level agreements (SLAs).
Finally, even as national regulators continue to demand more and better data from financial firms, harmonized global standards have largely not emerged outside of the Basel capital adequacy requirements. Thus, reporting requirements vary from regulator to regulator by jurisdiction, involving separate reports, systems, and data. These overlapping and conflicting requirements also shift over time, as new regulations are passed or previously adopted regulations move through transition phases.
The Future of NFRR
Future NFRR requirements will only become more voluminous, more frequent, more granular, and more critical to firms’ regulatory compliance efforts. Despite these hurdles, flexible, scalable, centralized, and automated platforms can enable firms to provide better reporting performance at less cost than today’s ad hoc and fragmented systems. This will allow firms to reduce the time spent on data collection and validation, report production, and other routine reporting tasks, freeing up time to further improve firm and regulatory performance through dramatically increased use of analytics to uncover operational insights. Throughout this process, technology will continue to improve, with the potential for future improvements in areas like DLT to make the entire concept of “reporting” as obsolete as ticker tape.
Monticello Consulting Group (MCG) assists clients across the financial services industry in implementing the necessary infrastructure to ensure compliance and reduce regulatory risks. This experience, coupled with our in-depth knowledge of the financial regulatory environment, uniquely positions Monticello to guide financial institutions, regardless of their size, in the adoption of emerging technologies in the regulatory reporting space and the implementation of strong NFRR governance principles.
Get In Touch
LEARN MORE ABOUT MONTICELLO AND PURSUE OPPORTUNITIES WITH OUR TEAM