Financial Controls & Regulatory Reporting

  • |
  • 34 mins 36 secs
London • Harpenden
Tel: +44 (0)1582 764000

New York
Tel: +1 212 661 4111

If you have found this report informative and would like further information please email at [email protected]
PRESENTER: The challenges of regulatory reporting mean different things to different organisations, but one common factor is the speed of change and increase in complexity. So in this Akademia unit we’re going to be looking in more detail at the issue. On the panel are Gillian Boston, Head of Business Consulting; Hugh Burden, Head of Business Development; and Gordon McHarg, Managing Director, all from AutoRek. There are three key learning outcomes: how is technology being used for financial reporting; how best to implement technology projects; and the challenges of regulatory reporting. But first I spoke with Gordon to find out about how technology is currently being used for financial reporting.

So, Gordon, let’s start with the situation for financial services. When it comes to regulation, what are we looking at?

GORDON MCHARG: Well, remember the Global Financial Crisis? Of course you do. Many firms are still paying the price for what many consider to have been a largely avoidable collapse. Regulators across the globe have been empowered to introduce new regulation in order to increase and improve public confidence, and provide the granularity and transparency in the industry in order to stabilise the market going forward.

PRESENTER: So looking at challenges then that the financial services sector face when it comes to regulation, talk me through these.

GORDON MCHARG: OK. So the principal challenge is really one of data management. Many organisations have multiple systems, both internal and external, where they’re effectively pulling that data together for purposes of financial control to demonstrate to the regulator that they are indeed in control, to demonstrate that they have full protection of client money, for example, and there are many regulations such as MiFID II, CASS, FATCA, CRS, a number of different regulations, which are both jurisdictional and global. So for many organisations acquiring that data, managing that data and providing the transparency required for regulatory reporting, but also to give the firm assurance of themselves that they are in control, is an extremely difficult problem.

For many organisations, the traditional answer, historic answer has been to implement large IT projects with large data warehouses and operational data sources. But these projects often lead to solutions which are blackbox solutions and the business does not have the visibility and transparency they require in order to validate and be confident in what they are reporting to regulators. Also with the increased regulation it’s been very difficult for organisations to cope with the level of change in their systems. So it’s frequently the case that end user computing solutions such as Excel or small database systems are developed in order to meet the deadlines of the regulation. These are short-term tactical solutions, which do not provide the robustness and auditability required for the regulation.

So, as organisations move forward, it’s increasingly important that they deliver enterprise capable solutions, but solutions which business users have full insight and transparency, where they have full insight and transparency of the data. So in many cases the solutions are required to have full auditability and traceability, but that has to be visible to the end users. Not to someone in IT, obviously you’re going to have IT input into solutions, but it’s very, very important that the business users can see the data, understand the data, understand where it came from, any aggregation or disaggregation, any control points required. These all have to be visible to the end user.

Ultimately, these are the individuals that will be responsible to the regulator, and with the increasing emphasis on individual accountability, it’s very important for those individuals then to have that information and to have the confidence in what they are ultimately reporting both within the business and to the regulator.

PRESENTER: So this is where technology comes in. How is it being used for financial reporting?

GORDON MCHARG: So in many organisations we are looking at implementing automated intelligent rules-based solutions. So these rules have to clearly apply the regulation and detail of the regulation, but they also have to assist with the remediation and, if you like, the rapid response required within the business. Some regulatory reporting deadlines are extremely difficult for organisations. So it’s important that technology is developed and is being developed to really apply intelligent processes, both for acquiring data, identifying any issues with it, integrity with it and escalating that data within the organisation to the appropriate individuals. So, clearly, for financial data, making sure that the finance team have responsibility for that data, accountability for that data, but making sure they have the tools to work with that themselves, again rather than it being an IT solution or some Excel spreadsheet with a few hidden macros that were developed five years ago by someone who has since left the organisation.

So the IT solutions effectively have to encapsulate some of the rules, some of the intelligence required; reducing the skills required of the individuals. Increasingly, again, in the market it’s very difficult for organisations to find, hire and retain the appropriately skilled persons. And those individuals not only need to understand the business in detail, they have to understand the details of the regulation as applied to that business. That can be very difficult to find in the market, so it’s increasingly important that technology solutions allow those rules to be included in the configuration of any software. So clearly there are a number of new technologies around machine learning and artificial intelligence all being applied to this area in an attempt to, I would argue to deskill the process to an extent, but probably more importantly to make sure that the business users have full confidence in the data they’re looking at and the reporting that they are providing to the regulator.

So as well as the data management requirements in terms of the dataflow or the workflow processes, the automation, the rules, increasingly customers are looking to manage their own analytics, provide dashboards, allowing users to create their own perspectives on the data. Clearly individuals have different requirements. So a compliance team might have a slightly different perspective on the data from, for example, a financial operations team, and empowering users to configure those dashboards with the analytics, with the detailed drilldown, allowing both senior management and operational teams to access the data, at a high level view indicators or RAG indicators, performance indicators, but drill down into the detailed underlying transactions and I suppose understand any risk that may be presented from that data.

PRESENTER: So then what would a solution look like?

GORDON MCHARG: So any solution has got to include, I suppose, a number of different capabilities. Some of which I’ve already talked about, so sourcing data, very high volume data in many cases, bringing that in in an efficient and effective way. Applying rules, again, with regards to the volumes, making sure that those rules can be applied in a timely manner, and any exceptions to that, so organisations, financial services firms have significant challenges with data quality and integrity of the data, so being able to process that data with rules. Enrich the data potentially with market prices, for example, or perhaps with additional reference data, market data, providing, if you like, a golden source of information for reporting purposes and for internal controls.

As well as that, there clearly is the remediation and the fix, if you like, for the data, and being able to account for any postings back to source systems. So while a reporting platform certainly must produce the output, as far as the regulator is concerned and as far as a financial controls perspective concerned, they are also required to, if you like, remediate and fix this source system. So posting back into those solutions is an important capability of any platform. And I’ve mentioned already the dashboard capability, so clearly there are specific templated reports. So the submission requirements for, for example, a CMAR report or for FATCA, CRS, those are specific templated reports that have to be produced for the regulator. In addition to that, organisations spend quite a significant amount of time producing executive management and management information, both from an operational perspective but also from a risk management perspective as well.

PRESENTER: Gordon, thank you.


PRESENTER: As regulators continue to focus on restoring confidence in markets and improving transparency, firms’ capability and capacity to deliver are continually being tested from an economic and regulatory perspective. Automating processes, increasing operational efficiencies and mitigating risks are key to relieving some of this pressure. So in the second part of this Akademia session we’ll go back to Hugh to find out about how best to implement technology projects.

So, Hugh, you’ve been dealing with senior financial professionals for quite some time, so how has the financial control function changed over the last few years?

HUGH BURDEN: Well, it’s changed enormously. There’s a huge amount more complexity involved in the role and that means there’s a greater need for a granularity around the understanding of the data involved with the role. But I think we’re going to go into that a little bit later. What I’d like to focus on, first of all, is just building on what Gordon said earlier on around the understanding of technology. So right across the city at the moment there are multiple large IT projects going on, and what often happens in large financial institutions is that the technology expertise is bought in, but the actual business expertise, the real detailed understanding of the core business processes, that often sits within both the finance department and the FINOPs department. So what we find is the senior finance executives, they haven’t really thought about things like system selection and different types of technologies when they’re going through their accountancy exams. So that’s all experience that needs to be learnt over five, ten, twenty years on the job. So actually getting a real grasp of what the technologies are available out there, that’s proving to be a big challenge for a number of them.

PRESENTER: And looking at the main pain points for financial control function, what sort of things are we looking at?

HUGH BURDEN: Well, if you ask any CFO out there, he’ll have a list of pain points literally as long as his arm, OK. So we can’t cover them all here, but I’ll just focus on three. First of all, I know a number of people are struggling with scalability. So what I mean by that is when things are good, and at the moment in many financial sectors the numbers are up, profits and revenues are going in the right direction, but what the key point is how do you control cost in that environment. And in many cases just throwing more staff at the problem is the answer. And if that’s your model, you really need to look again because there are smarter ways about doing it. The second point I want to cover is the production of management information. So what we see is literally, I’d like to say it’s a cottage industry, but actually it’s industrialised out there. We have teams and teams of people producing MI, both on spreadsheets and PowerPoint, and this has been driven by the insatiable demand from boards, risk committees, remuneration committees, audit committees, team meetings, the list just goes on. And that’s not a really scalable or tenable model going forward, so we have to find smarter ways to do that. And the third point that a lot of people are talking out there at the moment is the cost of capital.

So, prudent capital provision and regulation around that has been around for some time, but since the credit crisis there’s been a real focus on this and companies are really struggling to understand in a granular way how much capital is being tied up. And it’s really important because the cost of tying up that capital is a real cash cost to the business. If it’s tied up in capital provision they can’t use it basically to fight the war out there.

PRESENTER: And what are the riskiest practices you see in the market?

HUGH BURDEN: So, Jenny, that’s literally the easiest question you’re going to ask me all day. So it’s the absolute overuse and overreliance on spreadsheets. So what we find in organisations is they’ll have a number of key systems, their general ledger or treasury system, maybe a risk system and trading system, but traditionally these systems haven’t spoken to each other, they haven’t communicated correctly. So from a finance perspective what people have done is they’ve reached for spreadsheets. And that’s been fine because actually spreadsheets are really well understood by accountants, they’re really flexible and really user friendly, but the problem starts to occur when auditors and regulators are starting to communicate that housing key financial controls on spreadsheets, it’s just not acceptable anymore, and there’s some really good reasons why spreadsheets aren’t acceptable.

First of all, auditability: as I said, the auditors want to see point-in-time data. They want to see things time-stamped, date-stamped and name-stamped. And they also want to go back to point-in-time data. All of these are a bit of a challenge for spreadsheets. Secondly, volume: I’ve often gone into firms and I see key financial controls being housed on spreadsheets and this spreadsheet might have 750,000 rows of data, 65 columns and macros, again I think Gordon pointed to it yesterday, macros built maybe five years ago by only one person that understood it and actually they have left the business now. So that’s a real challenge. Thirdly, then there’s version control. Even in a time of cloud computing, SharePoint sites, shared directories, it’s a real challenge to make sure the correct version is being utilised and the right version is being kept up to date. And then fourthly you have the automation point, which is a subject really close to our heart. But spreadsheets, no matter how many macros you have on them, no matter how many clever things you do with them, they always require some level of manual intervention.

PRESENTER: So what are the main changes on the horizon for senior financial and also FINOP professionals?

HUGH BURDEN: Sure. So I know Gillian, my colleague, is coming in to talk about regulation and I certainly don’t want to steal her thunder, but I’m going to pick on one because the Senior Management Certification Regime I think is going to be a whole new world for many, many finance professionals out there. So there are a number of large financial institutions that have been finding out what the SMCR means, but throughout 2018 I believe the pyramid is really broadening and we’re going to have about 47,000 extra firms caught under SMCR. Now, when we consider what SMCR was set up to do: firstly to make sure that the business is being ran by fit and proper people and secondly to make sure that there are no unnecessary risks being taken in the business. And if we consider that second one.

For senior professionals to personally attest that no unnecessary risks are being taken, they really need to understand that data, they need to understand their operations and all the underlying activities beyond that. At the moment I don’t think many firms or many senior finance executives can point to that. But actually going forward there’s going to be some unintended consequences. So if you consider for example recruitment of senior people, are they going to join a firm that is unprepared to invest in systems that allow them to discharge those duties? Are they going to join a firm that is asking them to personally attest, to put their own reputation on the line from a regulatory perspective, unless the infrastructure is there to support them?

PRESENTER: Well when it comes to the cost of compliance I suppose a lot of people are wondering about this, especially when it comes to regulatory fines, reputational damage, I mean how to manage this?

HUGH BURDEN: So I said you asked me the easiest question, this is probably the hardest question you’ve asked me because there are a couple of different layers to it. If I can tackle the cost of compliance first of all, I think one thing is clear, spending millions of pounds for Big Four consulting groups in an effort to avoid fines, I think that’s probably a thing of the past. I think the RegTech sector is rocketing up the agenda on many organisations’ radars and RegTech is going to be utilised, I think, in a much more proactive way going forward, and that’ll help to some degree the cost of compliance, which over the last number of years has been more people, more consultants, more advice. But the second part of the question where you talked about reputational damage versus fines, I think that’s a really interesting neighbourhood at the moment.

So the regulator, the FCA, has been really clear on this. They look to be migrating from a fine-based type of environment to a culture and principle-based regime. And Jonathan Davidson himself from the FCA communicated this in a speech late last year. And indeed he used a parallel, which I think he himself borrowed from a popular economics book; however, I’ll just pause, I’ll just go into that slightly, which is the role of nurseries. So children’s nurseries, one of the habitual problems when running it is the late arrival of parents, and the way that this is typically controlled is just by the parents themselves having a sense of duty, a sense of guilt by going up late to pick up their kids and keeping the staff late. Well, a group of curious economists thought I wonder what would happen if we introduced a fine for late pick-up.

So over the course of a number of months they picked a select few nurseries that had a 5 to 7% late pick-up when the experiment started, but actually then they introduced a modest fine for parents. And what happened, the late pick-ups went from 5% to 10%, ended up at about 28%. So what happened there? It legitimised the late pick-up; it put a price on it. It was no longer a sense of guilt or a sense of shame; it was actually a financial transaction. And the regulator uses that example to illustrate that fines are not always the most effective way of getting people do to what you want them to do.

PRESENTER: So to summarise then what are the key takeaways for our viewers from everything you’ve said today?

HUGH BURDEN: So I think senior finance professionals are coming up to a very clear Y in the road essentially. So on one hand they’ve got the ability to embrace and learn about all the technical and technological solutions out there to benefit from automation, robotics, AI, and indeed just take that robust technical solution to some of these issues. On the other side, you can keep doing what you’ve always been doing, which is employing more staff, incurring more direct cost and, yes, having more spreadsheets.

PRESENTER: Super. Hugh, thank you.

HUGH BURDEN: Thank you.

PRESENTER: Regulation is primarily designed to protect consumers, mitigate market abuse, increase market stability and promote healthy competition between financial service providers. So in this last part of this Akademia session we’ll turn to Gillian to look at the challenges of regulatory reporting moving forwards and how to be prepared.

So, Gillian, the regulatory agenda, it’s really starting to bite now. So how would you say then that the industry is responding?

GILLIAN BOSTON: So I think it’s been biting really for quite some time now. We’ve already heard it’s been 10 years since the Global Financial Crisis and it’s almost 10 years since the collapse of Lehman Brothers. And I think within the industry the general feeling is that the level of scrutiny from the regulators really is unprecedented and continues to prove challenging for firms.

PRESENTER: And with this continued focus on regulation throughout the finance industry as a whole really, what would you say are the key challenges that they’re really facing?

GILLIAN BOSTON: So I really do think that high on the agenda is the cost of compliance and examples of that, or recent examples of that were the cost of implementation of MIFID II, there’s GDPR, and also the additional cost with the enhanced CASS audits. Now, the cost of compliance doesn’t necessarily go hand-in-hand with business benefits. So what I mean by that is the cost of compliance doesn’t necessarily result in the driving up of revenues, it doesn’t necessarily mean operational efficiencies. And I do think that can be quite frustrating for firms, but equally we talk to firms who do actually feel that the cost of compliance and regulation actually is a barrier to expansion.

PRESENTER: So, regarding the documentation required to be sent to customers in respect to MIFID II and GDPR, customers, they’re becoming frustrated themselves when it comes to these things surely, so why and what sort of issues does this raise?

GILLIAN BOSTON: So that’s a really interesting point. What we’re hearing from some firms is that indeed customers of theirs are pushing back and saying why are you sending me so much documentation, why are we getting so much communication, indeed why are you asking me for what seems like the same information that we’ve already sent you? And of course what then happens is that firms have to go back and talk to their clients again and say look we have to do this, it’s mandatory, we have to do this to meet our regulatory requirements and our obligations. So you can understand why customers then perhaps can be frustrated when they have to continue to receive this information. So it’s almost like a bit of a mixed message there. It’s regulation versus customer experience so, yeah, that’s certainly what we’re hearing from firms at the moment.

PRESENTER: And what are the positives?

GILLIAN BOSTON: So looking on the bright side and using CASS as a good example, what we’re hearing from firms are that actually they are welcoming the increased scrutiny from their CASS auditors. And the reason for that is because they feel that their auditors have a better understanding of the business, and because of that they’re actually getting a better service during the audit process, but of course the flipside of that is that the audits are more expensive. The audit fees are higher and firms are wondering are those sustainable.

PRESENTER: Now, it does seem that regulatory requirements are somewhat open to interpretation. Does this raise much issue?

GILLIAN BOSTON: Well it can do. I mean absolutely they are open to interpretation in some respects. So a firm may look at a rule and interpret it one way in their business context, a consultant may look at it in a different way, and of course the auditors may have a different interpretation as well. So I think of course the easy answer would be if they could be clearer, and when I say clearer it’s in terms of what the regulator is expecting and what the regulator is hoping to achieve from those rules and from the guidance as well.

PRESENTER: So more specifically what technology challenges are you seeing firms face?

GILLIAN BOSTON: So I think if you think about the amount and the speed of change in regulation, firms are having to extract, amalgamate and consolidate from different systems within their organisation. Now, these systems aren’t really designed for regulatory reporting. And the other thing about them is that these systems, they can be different across regulated entities, across departments, across business units. And also where there are legacy systems involved, it can be really challenging for firms to get their hands on all of the data that’s required.

PRESENTER: And in terms of data quality, are there issues there that they need to address?

GILLIAN BOSTON: Well, certainly, and the better quality the data the easier it’s going to be, but certainly if there is erroneous data, inconsistent format, inconsistent content, if there’s missing transactions. And just going back to thinking about the format, if you’ve got different systems that produce data in different format, challenge straightaway. But I also think ultimately that the returns that you have to send to regulators, they’re probably going to have to be reported in a different format as well. So I think if you combine all of what I’ve just said there, it can be a real challenge for firms to produce returns that are complete, that are accurate, that are consistent, and also to produce those on a timely basis.

PRESENTER: OK. So a little bit earlier on we spoke about regulatory reporting and these different interpretations of regulations. So going back to that a little bit, what would be the best way to combat the differing interpretations would you say?

GILLIAN BOSTON: So as an example we were at the Client Asset Protection Conference in London the other week and actually that topic came up and one of the suggestions was that the FRC, so the Financial Reporting Council, the FCA and indeed the industry actually got together and discussed rules and regulations. In particular those ones that are certainly open to interpretation. Again, that’s to really understand what the regulator is trying to achieve. But I suppose also it’s thinking about the governance and the processes that you have within your organisation, how you can actually evidence. And that’s such an important word, it’s to evidence and demonstrate your decision making, how you’re applying the rule, so on and so forth. Because that’s going to put you in a much, much stronger position if you’re challenged by the auditor or the regulator as well that you can produce the evidence to show why you’re doing it and the interpretation of the rule.

PRESENTER: Well, following on from what we heard from Gordon and then a little bit later Hugh, it does certainly seem that data is underpinning all these regulatory challenges, so what sort of initiatives are you seeing firms do to combat this?

GILLIAN BOSTON: So I do think the tide is turning in terms of firms embracing technology, and we were talking to a firm the other week who are now using robots to do reconciliations. And the key to that for this firm was that they wanted to mitigate the risk of human error because previously they were using manual processes and spreadsheets to do those reconciliations. So I think really firms are looking to longer-term strategic solutions rather than shorter-term tactical solutions and that does appear to be so that they can fulfil their desire to keep the cost of compliance down. And if you think about scalability and adaptability, that goes hand-in-hand with firms wanting to grow, and also being able to meet those challenges of regulatory reporting, certainly when the regulations are still evolving or indeed changing.

PRESENTER: On the subject of embracing technology, the FCA have set up a RegTech team. It’s called TechSprints. Talk me through what they do exactly.

GILLIAN BOSTON: So the TechSprints are, if you like, a meeting of minds. So you have financial services providers, you have technology providers and you have SMEs who come together and discuss potential solutions or ways in which to solve regulatory challenges. Now, there’s been four TechSprints to date. The most recent one was regarding machine executable reporting. And it’s also worth mentioning at a recent event there were 100 developers from 30 organisations that took part. So I think it’s fair to say that we can see organisations as well as the FCA embracing technology. Now, the next TechSprint is going to be based on anti-money laundering as well as financial crime, and what we understand is that international regulators have been invited to participate. So again there’s a strong signal there that the FCA are embracing the use of technology.

PRESENTER: So it sounds like it’s really about being in control of your data and data integrity. How best then can that be achieved?

GILLIAN BOSTON: So I think it goes back to thinking about that strategic solution, really a holistic approach to data and data management, and what I mean by that really is having that single source of truth of data. So if decisions are to be taken within an organisation, you want to be going back to the same source of data; albeit that you may want to take a different cut and look at it in slightly different ways. But also if you think about regulatory reporting, you want to go back to that same source of data and take out the varying elements that you need for the different regulatory returns. And just to say on that point, we do know that the FCA does compare returns from firms to make sure they are consistent, so I think that is an important point to mention too. And, as mentioned already, scalability and flexibility and that really goes hand-in-hand with the emergence of global reporting or global regulation, and a good example of that would be FATCA and of course CRS, the Common Reporting Standard.

PRESENTER: So Gill then would you say technology is the way forward to address the challenges of regulatory reporting? You’ve sat on both sides of the fence, you’ve been a leading, you’ve led finance and regulatory teams, but you’ve also been an auditor, so what would you say?

GILLIAN BOSTON: I have, so if I think firstly about when I was leading finance and regulatory teams, really it was so important to have data that I could rely on. And that wasn’t necessarily all of the case and also the capability of working with that data. So for example if I was doing regulatory returns, I would want to have data that’s been validated, have data that’s as clean as it can be. I talked about the quality of data. So what you typically would find unfortunately is you would get different cuts of the data because you would find errors in that data, you would find missing transactions and all those things that we talked about already about data quality. And that would always tend to lengthen the time it would take to get to that completed return. In terms of the data quality as well or the way the data is presented, I must confess we did use spreadsheets quite a bit of the way and there was manual processing.

So again thinking actually back to what Gordon was talking about, if you have that data presented to you, it’s been validated, you can rely on, but also having the drilldown capability is so important. Because time and time again when you’re doing regulatory returns, they will be reviewed by senior management. They may even go up to the board and they will come back with questions. And unless you have that drilldown capability and unless you have that trend analysis and the analytics that go hand-in-hand with that data, it can be quite a difficult process. And again I know from experience to answer questions that are raised on the information that you are presenting to senior management. And indeed that goes hand-in-hand when if the auditors look at the regulatory returns or indeed the regulator looks at the returns.

The other difficulty if you’re doing this manually is the audit trail. So we heard from Hugh the limitations, if you like, of spreadsheets and one of the areas he focused on was that spreadsheets aren’t open to audit. They’re not. We know they’re not. But I think again it’s about having that full audit trail: where has your top level number come from, what is the transaction, what’s the information that sits behind that. And again if you have that all in a single repository it just makes your life so much easier. But also it makes it a much, much more efficient process and I think again that’s why we see firms looking to technology to help them in those situations.

PRESENTER: So what about from an audit perspective?

GILLIAN BOSTON: So I’d go back, this is a wee while ago when I was an auditor and certainly I was a CASS auditor at a certain point in time as well. So again the more robust the financial controls framework is in place the more robust, if you like, the management of data, then straightaway, it’s almost like going back to what I said about being in a finance team, you can rely on that information, you can do a lot of the work more quickly, certainly if it’s much more readily available to you. So again thinking about that single repository, thinking about the financial controls framework, thinking about that demonstrable audit evidence, if that can be collated or as easily accessible as it can be to your auditors, that certainly makes an auditor’s life an awful lot easier. And again going back to what I was saying about the trend analysis, so on and so forth, if there are explanations that are required as to why, even just doing an analytical review and seeing why revenues have moved in a certain way, why expenses have gone down, all of that good stuff, if there’s that real evidence to substantiate it and the data is telling you the same thing then it absolutely makes an auditor’s life an awful lot easier as well.

PRESENTER: OK. So finally let’s go with the key takeaways then that you want our viewers to take away from this session.

GILLIAN BOSTON: So I think I would echo what Hugh said, it really is about embracing technology. There’s so much that technology can do to help firms mitigate risk as well as making the challenges of regulatory reporting, facing that head-on and making that a more efficient process, really so that firms can do away with manual processes and spreadsheets for good.

PRESENTER: Gillian, thank you.


PRESENTER: In order to consider the viewing of this video as structured learning, you must complete the reflective statement to demonstrate what you’ve learnt and its relevance to you. By the end of this session you will be able to understand and describe: how is technology being used for financial reporting; how best to implement technology projects; and the challenges of regulatory reporting. Please complete the reflective statement to validate your CPD.