Regulatory Compliance and Reporting Challenges in Banking
(Published in the Financial Express in 2019)
Dr. Shah Md Ahsan Habib
‘Regulatory compliance requirements’ transformed tremendously over the years. Especially, banking crises and bank failure have always been notable forces to bring in new regulatory reporting requirements and practices. For example, after the Great Recession hit the USA the government instituted a number of new regulations and reporting procedures for the banking industry to prevent it occurring again in the future; and regulators’ concern on the heath of the banking sector received renewed impetus especially following the consequences of increased risks in the banking system, and their effects on the global economy due to the most recent global financial crisis. In addition, changing global regulatory and supervisory formworks brought changes in the regulatory reporting requirements. Like, banking industries across the globe have adjusted or are adjusting with the robust requirement of information reporting, calculations etc. with the introduction of Basel frameworks. The transformations are also associated with the incidences of financial crimes and necessities of consumer protections. After the most recent crisis, regulators across the world tightened the controls over financial markets and introduced new regulations and reporting requirements to improve transparency and accountability; to increase consumer protection; to handle financial crimes and to bolster corporate governance at banks. Newer technology is another crucial determinates in shaping the compliance requirements and reporting formats. A technology based solution that automates and streamlines the process to generate accurate reports in a timely manner is the need of the time and demand of the future regulatory reporting requirements. However, it is also true that greater compliance and regulatory reporting requirements brought notable changes in terms of complexities, high cost and consumption of business hour of the bank executives.
Though regulatory compliance and reporting requirements differ across countries and regions, regulators commonly require information on asset liability management, capital management, liquidity management, foreign exchange exposure, risk management, and more, to assess an entity’s financial condition. Data collected in this process are expected to facilitate effective supervision, early diagnosis of problems in the sector, and timely implementation of corrective action. Regulatory reporting also helps regulators plan and implement monetary and credit policies. Some of the reported information also serves as public disclosures to help investors, depositors and creditors to better evaluate the financial strength and vulnerabilities of reporting banks.
Traditionally, many institutions took a largely manual approach to regulatory reporting – typically via internal spreadsheets and macros which is prone to human errors and comes with numerous control risks. The results have been, freely changing or adjusting data, the risk of errors, inaccuracies and inconsistencies, and difficulty in audit trail. As a result, banking industries have started investing to ensure automation and control over data gathering, compiling, reporting and internal auditing. In 2019, it is anticipated that more banks than ever before would invest in strategic, automated technology – RegTech – to comply with their increasingly complex regulatory requirements, not only to avoid being caught out by wary regulators, but also to attain the levels of internal transparency needed for consistent compliance.
Regulatory reports are collected for several purposes and bank regulators require different types of reports that may be categorized under different dimensions. As the purpose these may be categories into: supervision; minimum requirements; market discipline; and financial reporting and disclosure requirement. Globally, the regulator supervises licensed banks for compliance with the requirements and responds to breaches of the requirements by obtaining undertakings, giving directions, imposing penalties or (ultimately) revoking the bank’s license. Often, these requirements are closely tied to the level of risk exposure for a certain sector of the bank. Today, most important minimum requirement in banking regulation is maintaining minimum capital ratios. The regulator requires banks to publicly disclose financial and other information, and depositors and other creditors are able to use this information to assess the level of risk and to make investment decisions. Effective reporting considerably depends upon the design of the regulatory reporting framework. Regarding the design of the report, the regulators should consider certain issues: the need for data balanced by cost; robust review process is in place; dialogue with the financial services industry is the key to good report design. Traditional challenges and pitfall associated with regulatory reporting are more or less well recognized: static databases; often cause significant classification errors; lack of understanding in the regulatory reporting requirements; challenge of being accountable; and absence of open communication and partnership with the regulatory reporting area. In connection with the challenges, the challenges financial institutions continue to face around producing core regulatory reports include: large numbers of manual reconciliations; data integrity issues; systems limitations; analytical challenges; resource and time constraints; and governance weaknesses.
Installing a regulatory reporting model is the pre-condition for ensuring effective regulatory reporting by banks. As a whole the banking system of any country needs ‘sound policy and control mechanism’ for ensuring efficient regulatory reporting framework. The component of such framework includes developing governance model; policy documentation; identification of accountability; and documentation of procedures. Regulatory authority should have operational agreement with the banks and several performance level indicators and benchmarking should be in place. Reliable data are essential for quality reporting. Data requirements must be well defined and clearly understood by the concerns of the reporting banks. Data gap assessment and validation process are essential.
Using sound internal process is crucial for the reporting banks; and use of software, reviews and internal control as the key steps. Using regulatory reporting software should interface with the related subsystems. There should be procedures for preparing each report; and reconciliations and manual adjustments should be clearly documented. Data should be thoroughly reviewed before submission (including a management review). Learning and communicating is the final stage that include working closely with business lines, accounting policy and audit; staying apprised on accounting and regulatory changes; coordinating with supervisor and data collector; and participating in the report design process. Internal control mechanism is crucial for ensuring best practices of regulatory reporting. Internal Control over financial reporting is about methods and procedures to provide reasonable assurance for the accuracy of regulatory reports. There are some control principles for establishing internal control mechanism over regulatory reporting. The broad principles cover: review and approval; interpretation of instructions; documentation; training Program; accounting; and record retention.
Practically efficient people and right technology are crucial elements. Technology adopted must also meet business and functional requirements. Bank executives engaged in the process of regulatory reporting must be capable and well trained. There must be well defined roles and responsibilities with clear definition. Banks must have concrete budget and training framework and delivery mechanism for them. As a whole, bank management needs to adopt due approach. Several ways banks can prepare for regulatory changes and reporting.
As financial regulators over the globe continue to place pressure on financial institutions to improve their compliance and reporting capabilities, strategic solutions need to be developed taking into consideration the end-to-end process and these strategic considerations should also be tied into broader regulatory mandates, such as the Basel Committee on Banking Supervision’s principles for effective risk data aggregation and risk reporting.