Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Minimum viable compliance whitepaper

105 vues

Publié le

Time to untangle the regulatory spaghetti - Avoiding the minimum viable compliance trap with new approaches to data management

Publié dans : Économie & finance
  • Soyez le premier à commenter

Minimum viable compliance whitepaper

  1. 1. BUSINESS APPLICATION INTEGRATION COMPLIANCE REPORTING TRADING RISK BUSINESS APPLICATION INTEGRATION Time to untangle the regulatory spaghetti - Avoiding the minimum viable compliance trap with new approaches to data management
  2. 2. 3Executive summary Executive summary COMPLIANCE CROSSROADS TACTICAL AND READY NOW STRATEGIC AND READY FOR THE LONG-TERM Are you set up to identify synergies within the current regulatory data and system requirements? As firms continue to be hit with new regulations, the pressure is on to navigate the maze of new data requirements. Firms no longer have the luxury of tackling one piece of regulation at a time, and the wave taking the market by storm appears to be never-ending. In fact, the focus on improving automation and streamlining processes appears to come second as firms now strive to hit fast-approaching deadlines. The project teams tasked with making the necessary changes to ensure a firm is compliant are typically focused on a single specific regulation and then simply source the data and systems to solve that problem. With this approach, firms fail to identify overlapping data points and risk potentially reporting on different numbers in different regulatory reports. Still, few are concerned about data duplication and siloed approaches and, despite not having systems in place months before a regulatory go-live date, there is confidence in the market that becoming compliant is achievable. The worry is that, when the aim is to hit a regulatory deadline and avoid fines, doing the bare minimum to comply does not fit in with strategic planning and long-term operational goals. This regulation-intensive environment means firms have two options—to continue to add more head count and implement tactical systems and processes to comply with new requirements, or to identify ways to work across project teams and find ready-made services that can be implemented quickly and to acquire regulatory data more efficiently. The latter option is the direction in which the majority sees the market headed and, according to a SIX survey, more than 70 percent feel there could be more opportunities for coordinating regulatory projects and defining synergies between regulations affecting the business. The survey revealed that firms continue to operate in a siloed environment and lack the ability to take an enterprise-wide view of regulation, which could hinder firms in hitting regulatory deadlines and ensuring reports are underpinned by quality data. The reality is that the market is overwhelmed by the amount of regulation affecting business, and the main method of dealing with regulation is still to increase head count. Increased head count, however, does not necessarily help firms ensure robust data quality, and having more personnel managing data may be affecting data quality rates as increased manual intervention further hinders automation.
  3. 3. 4 Introduction One of the basic principles of construction is to build walls before erecting the roof— unless it is about putting up a temporary cover to protect the building site in a rainstorm. When it comes to regulatory compliance it seems as if firms easily forget to build their walls before the roof—or they simply make do with a temporary rain cover. In many cases, the ‘building foundation’ seems to have been forgotten as firms become overwhelmed by the wave of regulation and lose focus. In the past, firms had more time to focus on each major new directive, as there were fewer regulatory deadlines to meet in the same year. Now, many organizations will be dealing with everything from Europe’s second Markets in Financial Instruments Directive (Mifid II) and Packaged Retail and Insurance-based Investment Products regulation (Priips), and the US’s Foreign Account Tax Compliance Act (Fatca) to Switzerland’s Automatic Exchange of Information (AEOI) and Financial Markets Infrastructure Act (FinfraG) all at the same time. Considering the trend of multiple regulatory deadlines arriving on a similar time horizon, it is not surprising that many organizations are showing signs of “compliance fatigue”. Introduction According to an exclusive SIX survey of more than 100 senior industry professionals representing buy-side and sell-side firms, respondents found it difficult to identify which regulation was currently the most important for their organization to address. The result suggests that most firms are trying to fight fires on all fronts to keep on top of compliance obligations as non- compliance is not an option (figure 1). MIFIDII,PRIIPS,SOLVENCYII AEOI,SANCTIONS REGULATORYCOMPLIANCE REGULATORYCOMPLIANCE REGULATORYCOMPLIANCE PRIIPS,SOLVENCYII,AEOI,SANCTIONS REGULATORYCOMPLIANCE REGULATORYCOMPLIANCE SOLVENCYII,AEOI,SANCTIONS PRIIPS,SOLVENCYII,AEOI,SANCTIONS REGULATORYCOMPLIANCE MIFIDII,PRIIPS,SOLVENCYII,AEOI,SANCTIONS MIFIDII,PRIIPS,SOLVENCYII,AEOI,SANCTIONS REGULATORYCOMPLIANCE MIFIDII,PRIIPS,SOLVENCYII,AEOI,SANCTIONS SOLVENCYII,AEOI,SANCTIONS AEOI,SANCTIONS,MIFIDII,PRIIPS,SOLVENCYII REGULATORYCOMPLIANCE 3.493.04 3.03 2.94 2.89 2.90 2.84 Mifid IIPriips FATCA Solvency II SanctionsAEOI FINFRAG Figure 1: Which regulations are currently the top priorities for your firm? Votes were cast using a scale of 1–5, where 1 denotes “not a priority” and 5 denotes a “top priority”
  4. 4. 5Introduction The implication of the current regulatory environment is that firms are too stretched to take the approach that would be most beneficial from a strategic point of view. Instead of having a consistent approach to sourcing the data needed for different regulations, different project teams often approach multiple vendors for what is sometimes the same data. With various regulations affecting the business simultaneously, this should have presented an ideal opportunity for firms to avoid this scenario by setting up a common approach to data sourcing to oversee regulatory activities and to mitigate compliance risk and better manage costs. One of the challenges hindering firms from taking a centralized approach when ensuring compliance with new regulation is existing data management practices. Firms are heavily reliant on fragmented data management processes, and the lack of automation in the market is making it difficult for firms to respond to regulatory change efficiently. According to the SIX survey, the majority are working with at least partly—if not entirely—manual processes, which are likely to be resource-intensive and error- prone (figure 2). Figure 2: How is data managed and sourced at your firm? When the backbone of the organization is disintegrated, it is no surprise that many firms source data for new regulation at a divisional or regional level. Data is inconsistently sourced and managed, and firms are heavily reliant on disparate data management processes. The risk, however, is that regulatory reporting also becomes fragmented, which puts firms at risk of reporting different numbers where there should have been consistency across divisions or regions. This would also make the introduction of regulations counter-productive, as regulators are ultimately introducing regulation to protect investors and provide a safer and more robust financial market. Firms are heavily reliant on fragmented data management processes, and the lack of automation in the market is making it difficult for firms to respond to regulatory change efficiently 45% Automatic 35% Partly manual 16% Manual
  5. 5. 6 To address this, firms should consider changing the internal architecture, as the high volume of regulation is expected to continue to affect financial services. In particular, Mifid II, which expands Mifid coverage to practically all asset classes, meansahugegrowthinthevolumeofdata that needs to be managed and reported on. The extent of the data requirements introduced under Mifid II means that underlying data challenges, such as lack of consistent and standardized processes, are becoming more prominent. A siloed— or partly siloed—approach is unlikely to be sustainable in the long term as firms grapple with the mammoth task of Mifid II reporting. The significantly expanded reach of Mifid II will make the challenge to ensure consistency and quality in the reporting is more prominent than in previous years, and thus the starting point needs to be creating a more harmonized data management structure. Figure 3: Who is responsible for—or has closest responsibility for—regulatory compliance and data demands within your organization? To achieve improved centralization in any organization, the organizational structure also needs to adapt. At the moment, this appears to be a key challenge for financial services firms striving to meet regulatory deadlines. The SIX survey reveals that IT, operations, legal and compliance, and risk management are all seen to be responsible for both regulatory compliance and data demands affecting the business in close to 40 percent of firms. This indicates that a large number of stakeholders are involved, and different teams with different mandates are likely to be responsible for signing off on regulatory compliance (figure 3). With more business units responsible for regulatory compliance, the risk could be that no business unit is solely accountable for ensuring compliance Introduction Traditionally, introducing changes to adhere to new regulatory requirements may have come mainly under legal and compliance, but the market is now seeing even risk management taking on a significant role in signing off on regulatory compliance. With more business units responsible for regulatory compliance, the risk could be that no business unit is solely accountable for ensuring compliance. IT ? 37% OPERATIONS 39% LEGAL & COMPLIANCE 54% 35% 9% RISK MANAGEMENT OTHER
  6. 6. 7 The additional involvement from different business units can also contribute to a more siloed approach. To avoid fragmentation and different units working on separate parts of regulatory compliance, firms will need to consider defining a common approach to regulatory compliance, as well as providing each unit with access to a common set of data. The business must be more engaged to be able to define company-wide requirements, and then set a strategy to enable the firm to meet those requirements. The strategy so far has often been based on adding more staff. However, the SIX survey shows that the majority of firms now feel the head count is not an issue for staying on top of compliance. More than 60 percent said they have sufficient head count, but instead, many said it is increased automation that would help enhance quality and/or timely handling (figure 4). Since the majority do not view regulation as a head-count problem, it could suggest that firms have added resources to deal with imminent compliance challenges instead of making the most of the regulatory era and future-proofing systems and processes. The significant investments made to comply with Mifid II and other regulations could most likely have justified a complete rethink of how to manage people, processes and systems, but some firms may instead be making do with a fragmented landscape of outdated legacy systems, working around the shortcomings by adding manual resources. The risk is that a sudden increase in the scale and volume of regulatory demands will put unbearable pressure on institutions that have failed to modernize the internal supply chain to ensure it is fit for the new fast-changing regulatory environment. By getting past the strategy of adding manual resources and focusing on getting the foundation right, firms are likely to be able to improve efficiencies and lower operational costs. Instead of starting from scratch—identifying data points, sourcing the data, cleansing the data, and then creating and applying rule sets—firms have the opportunity to work with partners and vendors that can offer value-adding services such Figure 4: Do you have sufficient head count to stay on top of compliance? as pre-packaged datasets. To source and cleanse data for new regulation without leveraging a vendor service can be a huge headache when there is no reliable, central data management system, particularly since firms are under immense pressure to prepare for a whole wave of new regulations. With this in mind, SIX has introduced a range of pre-packaged services that goes beyond simply delivering a data feed, but rather provides the right data points, complete with automatic flagging applied for Mifid II. The services—helping firms with the common reporting standard, Mifid II and sanctions—are out-of-the-box offerings, meaning customers can simply plug and play. The risk is that a sudden increase in the scale and volume of regulatory demands will put unbearable pressure on institutions that have failed to modernize the internal supply chain Introduction YES 19.2% 18.9% 43.2% 18.7% NO 81.3% NEED A GREATER AUTOM A TION NEED GREATER HEAD COUNT
  7. 7. 8 For firms dealing with an array of new requirements that have arrived or are on the horizon, it is clear that budgets and resources have been pushed to their limits. In some cases, firms are not even fully aware of how regulations may affect them, and in other cases firms may have anticipated deadlines being pushed back, since there has been a trend of regulatory deadlines being postponed in previous years. Regulatory deadlines, however, are real and fast approaching and, based on the outcome of the SIX survey, market participants have no time to waste. The survey revealed that only around one-third had systems and data in place for Mifid II as the regulatory deadline approached — a percentage that should have been much higher had firms allocated sufficient time for testing prior to the go-live date. In terms of Priips, the survey also highlighted that many firms may struggle to prepare in a timely fashion, as fewer than 20 percent of respondents said they had systems and data in place ready for regulatory deadlines. This is despite the fact that regulation has been around longer, and the significant overlap between the data in Priips key information documents (KIDs) and the data needed for Mifid II (figure 5). If firms had taken a common data- sourcing approach to preparing for new regulation, Mifid II and Priips should have created the perfect opportunity for firms to work strategically, avoiding a duplication of work and data costs by identifying synergies and ensuring there Ready, set, go If firms had taken a common data sourcing approach to preparing for new regulation, Mifid II and Priips should have created the perfect opportunity for firms to work strategically, avoiding a duplication of work and data costs is a common data source that feeds both Priips-KIDs and Mifid II reporting. By not looking at these two regulations in context, firms risk sending out different numbers to investors in Mifid II cost sheets and Priips-KIDs, or failing to ensure the time displayed in a PDF format in the Priips-KID matches the timestamp reflected in the Mifid II reporting for the transaction. To get this right and comply with both regulations, it is vital for firms to align the metadata and data connectivity, which can then help ensure synchronization. This need is most pressing for firms with sophisticated or complicated products, whose dynamic, fast-changing nature is most likely to suffer if errors are created in the reporting. If the numbers do not add up, fragmented architecture and inconsistent data could ultimately end up undermining the regulation and putting the firm at risk of being targeted for class action lawsuits from investors. Considering the low level of readiness for upcoming regulation, it would appear that firms are racing against time to get compliance programs moving. Companies stuck at the analysis stage should start reassessing the viability of doing everything in-house and review what is available off-the-shelf, as many business-ready solutions on the market could be better options for ensuring compliance by the deadline. Now is the time to start leaning on vendors and data specialists for templates, datasets and ready-packaged services, which could help shorten the time it could take to prepare for new regulation. Ready, set, go
  8. 8. 9 The concern is that, as the wave of regulations reaches a crescendo, firms are doing the bare minimum to comply with and solve the regulatory challenges by increasing head count. Despite the lack of system readiness reported for various regulations, firms are still optimistic that the regulatory deadlines are within reach, which indicates strategic planning is limited. In the survey, 61.7 percent said they think they will be able to meet the deadline with the existing head count, processes and architecture (figure 6). The questions is, to what extent and how efficiently? The inclusion of Solvency II, which has already been introduced, suggests that some firms may have gone back to the drawing board to rethink their compliance after having met the original deadline. Are firms in danger of that happening again with Mifid and Priips? Ready, set, go Are you ready for the regulation? MIFID II - 35.5% YES - 61.7% NO - 13.9% DON’T KNOW - 24.3% PRIIPS - 18.4% FATCA - 37.5% SOLVENCY II - 28.2% SANCTIONS - 33.3% AEOI - 9.8% FINFRAG - 12.7% Will you be ready? 0100 0 100 Readiness will be ensured - but at what price? Figure 5: How ready are your firm’s data and systems for compliance with these regulations? Figure 6: Are you able to meet the regulatory requirements with current head count, processes and architecture?
  9. 9. 10 As non-compliance is associated with potential regulatory fines and reputational damage, it is not surprising that the majority of firms are confident that they will make it happen. However, when it comes to firms who are only focused on being technically compliant by any specific regulatory deadline, regulatory preparations are likely to have been focused on short-term fixes instead of strategic solutions. As pressure on systems grows over the coming years, a short-term fix based on a sizeable head- count spend could come under pressure, and firms would then recognize the need to get the foundation right to ensure quality and consistency in data feeding regulatory reports. According to the SIX survey, only 27 percent of firms source and cleanse data centrally and distribute data consistently when preparing for new regulations. Instead, 30.4 percent of firms said regulations are addressed separately with their own data and data management systems, and for 40.9 percent of firms data is most often sourced separately to address regulatory requirements. But there are also instances where needs are addressed by a central system (figure 7). Breaking down the silos The survey highlights that few are taking an enterprise-wide view, or are looking at regulations strategically, meaning firms are not necessarily making the most of the investments made to become compliant. The main reason for this, according to the SIX survey, is the tight regulatory deadlines. The survey revealed that deadlines are seen as the most important reason preventing or hindering firms from taking a strategic approach to new regulation, and the second most important reason is the challenge of having different departments and data acquisition teams working in silos across different regulations. (figure 8 - see appendix). Because of the problems related to breaking down silos, firms may be missing overlapping data points in different regulations, and so they end up duplicating data sourcing and cleansing efforts. There are numerous examples of synergies—for example in the Priips regulatory technical standards—that explicitly mention Mifid II complexity definitions as the basis for comprehension alerts. Since Priips products are also sold under Mifid II rules, having an enterprise- wide approach to data allows firms to be better placed for compliance as well as cut costs by sourcing data once and using it many times in the different levels of detail required under Priips and Mifid II. Breaking down the silos Deadlines, followed by the challenge of having different departments and data acquisition teams working in silos across different regulations are the biggest obstacles to a strategic approach to new regulation.
  10. 10. 11 Figure 7: What approach does your organization typically take when preparing for new regulation? Breaking down the silos ALWAYS OR MOSTLY SOURCE DATA SEPARATELY PER REGULATION DATA IS SOURCED CLEANSED AND DISTRIBUTED CONSISTENTLY COMPLIANCEREPORTINGTRADINGRISK Sanctions Priips Mifid IICRS IRS 871(m) DATA MANAGEMENT 73% 27%
  11. 11. 12 Breaking down the silos Mifid II has highlighted the need for firms to stop addressing regulations in isolation, and instead look at regulatory compliance as a strategic initiative across departments and business units The survey highlights that achieving compliance is very difficult for every firm, and the more firms can look to partners and select vendors strategically, the more they can cut costs and start focusing on differentiating business activities instead of becoming compliance experts. For SIX, the aim is to make it easy for the industry to share data and distribute it. The vendor acquires data from 1,500 data sources, normalizes it and makes it easy to consume. To help firms prepare for new regulation, SIX has analyzed the regulatory requirements and created pre-packaged services that can help customers become compliant and avoid buying the same data multiple times. Without this approach, firms risk unintentionally stockpiling a surplus of discarded data, the financial services equivalent of the EU’s notorious ‘butter mountains’ that have become tabloid shorthand for wasteful consumption. Considering the current state of the market, there should be significant opportunities for firms to leverage data providers and infrastructure partners, and reduce costs by removing duplication and data redundancy. In fact, more than 70 percent of respondents agreed that there could be more opportunities for coordinating regulatory projects and defining synergies between regulations affecting the business. Right now, firms are beginning to realize the imminent need to achieve better coordination when it comes to regulatory preparations, and the work that has gone into preparing for Mifid II across divisions could potentially trigger a change in the approach firms take when next implementing new regulation. Mifid II has highlighted the need for firms to stop addressing regulations in isolation, and instead look at regulatory compliance as a strategic initiative across departments and business units. Untangling the regulatory spaghetti will require a fundamental rethink, but at some point it will be the only viable way forward for firms that want to remain competitive as regulatory pressure remains and margins continue to be squeezed. In the eyes of the regulators, consistency is key, and to ensure consistency it is vital to ensure the organization has a single version of the truth—not multiple truths for different regulations. By failing to recognize the synergies between data points required under different regulations, firms could be introducing increased systemic risk into their systems, and vendors with pre-packaged datasets could play a key role in helping firms overcome this challenge.
  12. 12. 13Breaking down the silos Figure 9: Could there be more opportunities for coordinating regulatory projects and defining synergies between regulations affecting the business? COMPLIANCEREPORTINGTRADINGRISK Business application integration CRS FATCA IRS 871(m) PriipsMifid II Solvency II Sanctions YES NO 71% 21% 8% Reference data & corporate actions DON’T KNOW
  13. 13. 14 Conclusion The financial services market is faced with a fast-changing regulatory environment, and there continues to be numerous deadlines to hit for initiatives that are introducingoftenmajorchangestoexisting processes. The new environment calls for firms to reassess existing strategies for dealing with new regulation, as processes need to be updated to account for the pace of change. There is an immediate need for firms to break down silos, and ensure the organization has an enterprise-wide view of data and approach to implementation. By missing the synergies between different regulations, firms are introducing increased risk into their processes and could still be subject to regulatory fines despite being under the impression that deadlines have been met. Consistency and quality is key—not only to regulators but also to investors—and the only way to ensure numbers are the same in different regulatory reports is to ensure the firm has a single version of the truth. In the rush to get ready, many firms may have piled on extra head counts – an easy target for efficiency savings once the deadline has been and gone. But what may be escaping their attention is that reducing the festering heap of duplicate data could be one of the fastest ways to gain efficiency savings in the long term. Despite the mess many firms find themselves in right now, data vendors can help untangle the regulatory spaghetti by delivering templates, datasets and ready- packaged data and services. Forward- thinking firms will use the regulatory wave toassesshowtoavoidbuildingtomorrow’s cumbersome legacy systems today and start looking for scalable systems that can enable automation to meet ever-changing business requirements. Now is the time for firms to stop browsing and start shopping. Forward-thinking firms will use the regulatory wave to assess how to avoid building tomorrow’s cumbersome legacy systems today and start looking for scalable systems that can enable automation Conclusion MULTIPLE DATA POINTS INEFFICIENT USE OF DATA HIGH COSTS SINGLE DATA POINT EFFICIENT USE OF DATA LONG-TERM SAVING
  14. 14. 15 Appendix Mifid II 3.49 Priips 2.84 Fatca 3.04 Solvency II 2.90 Sanctions 3.03 Automatic Exchange of Information (AEOI) 2.94 Financial Markets Infrastructure Act (FinfraG) 2.89 Yes 61.7% No 13.9% Don’t know 24.3% Yes 70.6% No 8.3% Don’t know 21.1% Requirments gathering Vendor selection Systems and data in place/ integrated Mifid II 29.1% 7.3% 35.5% Priips 13.6% 10.7% 18.4% Fatca 16.3% 4.8% 37.5% Solvency II 16.5% 6.8% 28.2% Sanctions 9.5% 5.7% 33.3% AEOI 8.8% 9.8% 9.8% FinfraG 10.8% 4./9% 12.7% Automatically on a divisional level with different systems and processes 7.4% Automatically on a regional level with different systems and processes 13.5% Automatically enterprise-wide with common systems and processes 25.0% Partly manually and partly through automated processes 35.1% Manually on a divisional level with different systems and processes 7.4% Manually enterprise-wide with common systems and processes 4.1% Manually on a regional level with different systems and processes 4.7% Other 2.7% IT 37.2% Operations 38.5% Legal and compliance 54.1% Risk management 35.1% Other 8.8% Regulations are addressed separately with their own data and data management systems 30.4% Data is most often sourced separately to address regu- latory requirements, but there are also instances where needs are addressed by a central system 40.9% Data is sourced, cleansed centrally and distributed consistently across all regulations 27.0% Other 1.7% Limited budgets for meeting the wave of new regulatory requirements 3.33 Tight regulatory deadlines 3.46 Different departments/data acquisition teams working in silos across different regulations 3.38 Outdated legacy systems or disparate internal systems 3.34 Internal challenges relating to governance and decision-making 3.16 Other 3.02 We don’t have sufficient head count, and improved automation would help solve the problem 19.6% We don’t have sufficient head count 18.9% We have sufficient head count, but automated systems would help enhance quality and/or timely handling 43.2% We have sufficient head count and have no problem with quality and time 18.2% Figure 1: Which regulations are currently the top priorities at your firm? Figure 5: How ready are your firm’s data and systems for compliance with these regulations? Figure 6: Are you able to meet the regulatory requirements with current head count, processes and architecture? Figure 9: Could there be more opportunities for coordinating regulatory projects and defining synergies between regulations affecting the business? Figure 2: How is data managed and sourced at your firm? Figure 3: Who is responsible for—or has closest responsibility for - regulatory compliance and data demands within your organization? Figure 7: What approach does your organization typically take when preparing for new regulation? Figure 8: What hinders the firm from taking a strategic approach to new regulation? Figure 4: Do you have sufficient head count to stay on top of compliance? Statistics quoted from a survey of 110 financial institutions carried out on behalf of SIX. Appendix
  15. 15. BUSINESS APPLICATION INTEGRATION COMPLIANCE REPORTING TRADING RISK BUSINESS APPLICATION INTEGRATION COMPLIANCE REPORTING TRADING RISK BUSINESS APPLICATION INTEGRATION www.six-group.com

×