If Regulation Is Black And White, Why Is Compliance So Grey?
By Brian Lynch, CEO, Risk Focus
A common theme in articles and conferences on trade and transaction reporting is the concern that firms are not meeting regulators’ expectations with respect to ‘adequate controls and oversight’. This is in spite of trades and transactions being reported on a regular basis and is true whether firms rely on direct or delegated reporting. In truth, the acceptable level of control and oversight is difficult to define and the problem is exacerbated by the lack of harmonisation and enforcement across various global regulatory jurisdictions.
Regulations are at times vague on control expectations, demanding suitable, adequate, or indeed reasonable efforts. Sometimes they are silent. For example, in Europe, the EMIR texts aren’t explicit and it’s the local NCAs (National Competent Authorities) that police the quality and appropriateness of controls. That said, regulators are paying more attention to data and don’t always like what they see. ESMA has steadily expanded its demands for specific data content and quality rules for EMIR (including ESMA Level 2 Validations and the impending EMIR Rewrite). In addition, the grace period for bedding-in EMIR reporting and establishing good data quality is widely believed to be nearing an end and it’s only a matter of time until EMIR enforcement begins. The CFTC is not far behind, with a comprehensive advisory letter from the Division of Swap Dealer and Intermediary Oversight (December 2015) along with the Draft Technical Specifications on Certain Swap Data Elements issued for comment through the early part of 2016.
How are firms dealing with the problem? What I am seeing in top-tier sell-side organisations, i.e. primarily swap dealers in the US and derivatives trading firms in Europe, is institutions investing significant sums in control teams and infrastructure. Unfortunately, this level of investment is out of reach of most tier 2 & 3 organisations and is not being considered by most of the buy-side organisations I speak with. This is understandable, considering that trade and transaction reporting is already costing firms millions of dollars at a time when they are looking to reduce costs. That said, no one wants to be held responsible to regulators, so the recurring question is: “What can firms do to beef up their controls without breaking the bank?”
I believe that an ‘adequate’ supervisory framework is one that will allow a firm to answer four key questions:
- Did [we/they] report the appropriate trade and transaction events?
- Did [we/they] report in a timely manner?
- Did [we/they] send complete and accurate representations of these events?
- Did [they] (SDR, ARM or TR) receive and process our data correctly?
Answering these questions requires access to at least 3 core components:
- Up-to-date data quality rules that describe what accurate, complete and timely data looks like,
- Reporting determination and eligibility rules that define what events are reportable,
- A rich reconciliation platform to compare data sets i.e. expected vs. actual or external vs. internal.
Building and maintaining these components and the underlying rules is not easy, so how can these services be offered at a reasonable price? The answer lies in embracing the Cloud and secure, scalable SaaS. While tier 1 firms are spending millions building custom solutions with large support teams, smaller firms with less data to report can be more nimble and take advantage of the Cloud in a way that the ‘big’ firms are unable or unwilling to do. Smaller firms still need controls that allow them to meet or exceed the regulators’ expectations without increasing headcount or buying new hardware. This can be achieved through hosted, managed services integrated with firms’ data to provide simple, exception-based reports that can quickly identify potential issues and alert the appropriate resources.
Leveraging a hosted product means that investment firms, asset managers, hedge funds and small- to medium-sized sell-side firms do not need to invest in servers, data centres, system administrators, developers and business analysts. Existing compliance and control resources can receive output via email or file, or they can log into a secure portal to review the results. Data can be stored for seven years to meet regulators’ expectations and used to report and prove that the firm has been proactive in providing controls to trade and transaction reporting systems, which includes checking what third parties have done on their behalf.
While it’s difficult to describe or measure ‘acceptable control’, that’s not an excuse to do nothing. The innovators in RegTech are working as hard as tier 1 firms to prove robust, cost-effective solutions that are more than just ’adequate’, helping firms to meet their regulatory obligations.
We’d love to hear your feedback on this article. Please click here