More than a decade has passed since the global financial crisis. The crisis exposed a range of risk vulnerabilities - both in the financial regulatory system and by the ways financial institutions managed risk, including capital and liquidity requirements; exposure to risky and ill-defined financial products; and insufficient governance and oversight, among others.
Today, U.S. bank holding companies (BHCs) and foreign banking organizations (FBOs) continue to face an onslaught of scrutiny and examination. The Federal Reserve regularly collects reporting information from banks, whose requisite data it uses to help monitor current and emerging risks. The Fed continues to expect timely, accurate and complete reporting with higher levels of granularity and complexity while maintaining quality standards. While there has been some relief for small banks, there's been little to no relief for global systemically important banks (GSIBs) and intermediate holding companies (IHCs).
If financial institutions are found to be noncompliant by federal regulators, the consequences can cause significant disruptions to business operations and may result in punitive actions - profoundly impacting a bank's reputation and bottom line. As a result, banks are allocating more resources - new personnel and teams, tech spending, altered reporting processes - to maintain compliance. Across the board, financial institutions are assessing their operating models to strengthen data quality and reporting accuracy as a means to proactively address and mitigate financial, reputational and operational risks associated with noncompliance.
Although financial institutions have made significant progress in the past decade surrounding regulatory reporting and compliance, challenges still remain. To achieve a better understanding of the current state of regulatory risk reporting and garner insights relative to how financial institutions are addressing its volume, complexity and changing nature, EY issued a new report, Optimizing the regulatory reporting function: 2018 Federal Reserve Regulatory Reporting Survey.
How are banks shoring up resources to protect against emerging risk areas?
Regulatory reporting departments (RRDs) are introducing new reporting requirements and have enhanced their reporting processes across four key areas:
- Higher data integrity and reporting accuracy
- An increasing emphasis on internal controls, including governance and accountability
- Optimization and automation of the current process
- An emergence of quality assurance (QA) teams
As Federal Reserve Bank expectations around data quality and reporting transparency have heightened, banks are investing in strategic data and technology solutions to support regulatory reporting needs, resulting in better reporting accuracy. Banks are also shifting their focus on reducing reliance on multiple independent data sources and vendors to foster a more streamlined, integrated approach. In addition, the development of independent QA programs has become an industry practice and expectation of regulators: firms are continuing to build out their QA functions with more robust testing and remediation frameworks.
In 2012, only 31% of surveyed institutions had independent QA teams; today, that percentage has increased to 62%. Taken collectively, these proactive measures will help to mitigate emerging areas of operational risk that could significantly disrupt domestic and global operations.
What types of risks are financial institutions encountering in regulatory reporting activities?
Following the global financial crisis, federal regulators are assessing banks on a more frequent basis - and at historically higher levels of scrutiny. There are new requirements financial institutions must focus on to operate sustainably and efficiently. Some primary concerns for today's financial institutions highlighted in the 2018 Federal Reserve Regulatory Reporting Survey include regulatory, reputational and operational risks.
The majority of financial institutions are allocating resources - technology, personnel and capital investments - to reduce regulatory risk and position themselves more strongly to manage evolving regulatory expectations. To keep up with these expectations, firms have been continually investing in their data infrastructure and governance models to meet enhanced regulatory expectations. Failure to produce timely, compliant and accurate information results in major operational and reputational risk.
So how are banks combating this? Many firms' solutions include investing in third-party vendors to help increase efficiency and consistency across regulatory reporting. While the goal is to streamline and automate the reporting process, the overall technology challenge for 72% of firms surveyed is contending with multiple independent data sources and source systems, which can lead to increased risk of reporting inconsistent information and a lack of reporting standardization.
To alleviate the technology and operational risk inherent in regulatory reporting, it's imperative for financial institutions to initiate a comprehensive audit and subsequent action plan of recommendations to generate greater standardization and consistency in how information is collected, analyzed and reported to the Fed.
An additional area of concern that the survey revealed is that firms are having trouble hiring, developing and maintaining teams with relevant regulatory reporting experience - a similar trend found in the 2015 survey. While the automation of certain processes will continue to streamline regulatory reporting, obtaining talent experienced in both analytics and advanced technologies has been especially challenging.
Reporting professionals need to be adept at using sophisticated technologies that help with quality data analysis. It's an overall operational risk if regulatory reporting teams aren't able to use technological advancements to assess their institutions' current risks - and proactively manage them.
Where do we go from here?
Financial institutions have significant room for improvement as they address risks proactively and position themselves for long-term, sustainable growth. EY's survey showed that firms are shifting their focus to finding solutions to automate portions of the reporting process, leaving less room for human error and more room for quality data analysis. Forty-three percent of firms characterized their reporting process as “partially automated,” which is a decrease from 56% in 2015. This is explained by the number of firms that responded as “mostly automated,” indicating steady progress toward greater levels of automation.
While it's encouraging to see financial institutions embrace automation to improve regulatory reporting processes, it's critical for firms to institute a comprehensive change-management strategy that articulates clearly how humans will be reskilled or upskilled to fully exploit the potential of these technologies.
A lack of maturity in regulatory reporting - whether related to antiquated legacy systems, insufficient data-gathering capabilities or a lack of qualified talent - inherently carries major reputational, operational and enterprise risk implications. However, if firms, going into 2019 and beyond, approach the regulatory function with a clear plan of attack, based on thoughtful insights from examinations, they will be in a very strong position. Further, financial institutions can focus on automation, optimization and improving regulatory reporting-requirements alignment through policies and procedures, establishing formal regulatory reporting training programs and increasing automation throughout the entire reporting process. As banks invest in resources that improve risk management strategies, the future of the regulatory reporting function will enhance processes to reduce risks - setting financial institutions up for an easier examination process and future success.
Anita Bafna (anita.bafna@ey.com) is a partner, Vadim Tovshteyn (Vadim.Tovshteyn@ey.com) a partner and principal, and Steven Thiakodemitris (steven.thiakodemitris@ey.com) a partner with EY. Also contributing: senior managers Christine Burke (christine.burke@ey.com) and Sarah Sy (sarah.sy@ey.com). The views expressed by the authors are not necessarily those of Ernst & Young LLP or other members of the global EY organization.
More
