Eleven of the industry’s most high-profile trade associations and ISDA this week urged regulators to adopt consistent and harmonised trade reporting requirements across jurisdictions. However, reporting rules are already on the books and the consequences are high for firms.
In part 1 of our analysis on reporting, published last week, we explored the complex global regulatory regime designed to provide greater transparency in the financial markets and their policy drivers. In this second part of our analysis, we’ll be looking at the costs of reporting requirements for firms implementing reform.
While many firms’ risk, trading or accounts management systems may be described as ‘integrated’, the reality is usually very different. Due to takeovers, technology upgrades or many other reasons, architectures consist of a collection of solutions, siloes and databases that have been linked together to form the appearance of true integration.
Every time new reporting requirements are levied, firms need to look back across all these platforms (often hundreds for accounting alone), remediate the data standards they operate under and work with dozens of disparate data owners to put in place a new solution that is ‘fit for purpose’. Starting from scratch to properly organise a solution is difficult, expensive and time consuming, and it’s often easier to buy a solution for a specific report ‘off the shelf’.
Costs to date
This problem lies in the incremental nature of the reporting infrastructure. For each additional reporting requirement, firms face a hit to their cost/income ratio. Fixed costs can be as high as $18 million per year for trade reporting alone. In an industry where it has been estimated that 90% of a firm’s IT budget goes to maintenance of legacy systems, this figure, combined with the array of reporting requirements across MiFID II, COREP, FINREP, etc., can quickly become astronomical … and, eventually, unsustainable. Not only that, with each tacked on solution, the ability to aggregate or remediate those reports across platforms lessens.
But there is little incentive to invest vast amounts of resources to get this right. Firms in the UK have been fined a total of £33 million over the last six years for MiFID transaction reporting failures, less than £5 million for risk reporting failures (there are capital charges to account for) but none for trade reporting … so far (the only regulator to identify penalties has been CONSOB which will fine between €2,500 and €250,000). Compared to the hundreds of millions of fines – per firm – for systems and controls breaches, such as client assets, money laundering or benchmarks, the consequences of getting it wrong are not high enough to justify the infrastructure changes to get it right.
GIGO and the regulatory response
The result is that regulators, without the good quality data with which to analyse the financial system, find their statutory objectives to prevent future crises compromised. Their problem is the classic risk of Garbage In, Garbage Out’ (GIGO), where they may be getting the data they need, but not in a way that gives an accurate portrayal of the system, thus creating the illusion – but not the reality – of control.
Regulators are aware that this is a problem. Measures, such as the BCBS’ ‘Principles for effective risk data aggregation and risk reporting’, are aimed directly at fixing how firms operate internally with regards to data management. They ask for significant changes to how banks operate and, with a January 2016 deadline, there is not much time to comply. The January 2015 progress report on implementation from the BCBS highlighted that firms will be significantly challenged to meet the 2016 deadline – with one third of them expecting not to.
And it’s not just the BCBS focusing on this. Under the EU Bank Recovery and Resolution Directive, supervisors will be assessing firms’ “report generation, internal information flows and databases” as part of the resolution plans submitted and, as other regimes mature (e.g., trade reporting), will be keeping a closer eye on the reporting solutions employed.
Part of the problem firms face is that regulators are continually defining new terminology while remaining unnecessarily vague about their data requirements. A good example comes from the EU regulatory Joint Committee paper which points out that ‘securitisation’ has four different definitions across PRIIPs, SFTR, CRR and MiFID II. This type of problem becomes more complex when expanded across borders – not to mention when further confused by differing formats, actors or ingestion methods. Without granular, clearly defined and commonly adopted standards for regulatory data definitions, firms’ implementations will always be unnecessarily difficult.
The global Legal Entity Identifier (LEI) has been touted as the answer to many of these issues. A common identifier that accurately identifies clients and counterparties across platforms, jurisdictions and report types has been seen as a ‘silver bullet’ for reporting counterparty data quality. However, the LEI still lacks the relationship data on direct and ultimate parents of legal entities that the Financial Stability Board (FSB) deemed “essential” for risk aggregation in 2012. While there is a planned consultation on this relationship data, there remains an array of issues around whether ultimate or direct parent should be used and still no agreement as to how they should be defined. The LEI is certainly the right direction but, without answers to these questions, firms remain reluctant to implement the LEI for their own internal systems, relying rather on their internal identifiers that they have full control over.
While movements towards new standards, such as XBRL, are welcome and new initiatives, such as the LEI, are helpful, ultimately, regulators are asking firms to upgrade how they manage and report their data, without providing clear standards as to how this should be accomplished. Firms are, therefore, reluctant to do this when faced with such a shifting regulatory landscape.
As it stands, regulators continue to collect more and more data but are left without the ability to accurately make sense of it. Read our article on REMIT as a good example of that.
In part 3 of our analysis on regulatory reporting, we will look at the paths available for firms to take and some potential ‘resolutions’ of the conflict.
For a good time, join our MiFID II LinkedIn Group and read up on our trading articles on RegTechFS. Also, there are still places available to attend the 7 July City & Financial Global workshops on MiFID II implementation. For an overview of the first workshops held earlier this month, see our piece on MiFID II implementation.