RegTech Regulatory Reporting or What we’ve learned from the FCA DRR paper

Data or rather the quality of data is often at the centre of any problem RegTech tries to solve. The same is true for Regulatory Reporting, which is one of the key areas of the RegTech revolution. Many firms try to make their mark in this field, but many would agree that the quality of data and the lack of a common approach is the biggest hurdle to overcome in the long run. The UK’s Financial Conduct Authority together with the Bank of England (BoE) has been working together with the industry for some time on ways to achieve smarter regulatory reporting. 
Last week, it has published Feedback Statement on a Call for Input on its Digital Regulatory Reporting initiative (DRR). While the document talks about many things we already knew, there are also plenty of things to be learned about the past, present and future of regulatory reporting.

What we already knew (kind of)

The FCA points out the issues that we’re already all too familiar with: first, the strain on resources to interpret what needs to be reported and how plus the associated cost that keeps rising. Second, the risk that these predominantly manual processes create different interpretations of the rules and as a consequence inconsistent reporting.

Of course, the FCA and BoE have been aware of this for a while and this is why they launched a series of TechSprints. For anyone not familiar with the term or concept, the FCA’s TechSprints are events held by the regulator that bring together interested parties from across and outside of financial services to develop technology based ideas or proof of concepts to address specific industry challenges. It’s a good opportunity to examine common issues and discuss potential solutions and the FCA has run a number of them so far (you can find more information on previous and future ones here).

Following a first TechSprint in 2016 on the subject, a two-week TechSprint in November last year produced a proof of concept that reporting rules could be turned into 
a machine-readable language. Machines then used this regulatory language to automatically carry out the rules. Once the rules were translated, machines could fulfil the requirements by accessing the information required and then pulling this information directly from a firm’s databases. The FCA called this process Digital Regulatory Reporting (DRR) and though the proof of concept only used a small subset of reporting rules, the positive result of the TechSprint was that at least in theory the approach could be expanded to a broader range of regulatory reporting requirements.

Communication and collaboration as the way forward

The FCA highlights that the success of the proof of concept was a result of the strong collaboration between regulators and the industry and in fact , we always felt (and promote) that communication and collaboration is the way forward.

In the past, and more precisely in the aftermath of the Global Financial Crisis of 2007/2008, regulators around the globe have spurt out new regulations on an unprecedented scale. Financial institutions have responded by spending billions on staff, outside counsel and systems, but for the most part it seemed to be seemed like a game of tennis with the ball being hit back and forth into the opponent’s court and without any significant collaboration. Actions like TechSprints therefore seem like a hugely more efficient way to communicate what the supervisory authorities want and to implement it faster and cheaper.

Since things went so well, the FCA then in February this year reached out with a call for input. It provided details on the proof of concept and how it could be improved, but maybe more importantly for the industry was that the FCA also sought feedback on some of the broader issues surrounding the role technology can play in regulatory reporting. At the same time, the FCA and BoE have been working on a pilot project with a number of banks and two universities to evaluate the feasibility of expanding DRR beyond the proof of concept developed at the TechSprint by testing it with 2 different use cases.

The potential benefits go beyond the saving money for financial institutions though. It could also be a significant boost to the work of regulators who for now have to rely on what the supervised firms produce in terms of reporting data. Instead, the quality of data would be improved across the industry, the activity of financial institutions became more transparent and changes in the regulatory framework be implemented directly at a fraction of the cost and time required now. Furthermore, since the enormous regulatory obligations represent a significant challenge for new entrants to the market such as FinTechs, it would also result in a world of simpler banks as the reduction in compliance costs and regulatory burden would lower barriers to entry and promote competition. Imagine a way where lawmakers decide to change the existing rules and it gets transported into the policies and procedures automatically. Sounds too good to be true? With machine-readable regulation not anymore.

What we’ve learned from the FCA Digital Regulatory Reporting paper

So many benefits, but…

A number of the main benefits are already listed above and the call for input provided a summary of the four key aspects:

1. a reduced need for firms to interpret our rules, making the information they send us more accurate and consistent
2. increased efficiency, producing significant cost-savings for industry, freeing up resource and capital to innovate, improve products and services and reducing barriers to new firms entering markets
3. changes to regulatory requirements being able to be implemented more quickly and cheaply
4. higher quality data, allowing regulators to identify and monitor issues and risks more efficiently, diagnose harm and potentially intervene earlier.

From the industry responses we learned that the list doesn’t end here. Instead it could also lead to increasing the attractiveness of the regulatory framework for firms operating or considering operating in a jurisdiction and for the UK especially in light of the current Brexit discussions certainly not a small advantage.

With some many benefits there must always be a but though and this one isn’t a small one. The quality of data is no small feast to achieve and considering the amount of different systems in use across the industry and within banks it is one of the major obstacles to overcome. In fact, several respondents said that the effort and costs involved in implementing DRR might not be outweighed by the benefits. One went as far as to detail that “the potential difficulty in mapping regulatory reporting requirements to internal data sources and the nuances in data items may make it prohibitively expensive to achieve the standardisation that DRR is seeking to introduce.” Firms also pointed to the storage of data in multiple legacy systems as well as in differing formats, so that the cost to replace
or upgrade these legacy systems is significant. Financial institutions will therefore continue to be reluctant to invest freely in new solutions unless they are presented with a good reason to do so or are compelled to.

Disproportionate Solution

Not everyone is as happy you might think though about revolutionising the regulatory framework, as many firms believe that it is only the big banks that will really benefit from it. The rationale is simple: as pointed out above getting a firm ready for DRR itself would require substantial work and costs. Larger institutions would be able to offset these cost against future savings than smaller ones, so some say they should also pay for the development of any solution proportionally. Whether this is the case or not (larger banks might argue that they have more legacy systems and data to align often across several jurisdictions), it shows that it might not be easy to come to an agreement across the industry. Arguments about who has to pay for what are often the ones that take the longest to resolve – just look at the current Brexit negotiations.

All respondents had difficulties giving a concrete answer to another question, i.e. to provide indicative costs of meeting regulatory reporting requirements and naming aspects of the current approach that resulted in the most significant costs. This shows that this element is a key to resolving the issue of different views between smaller and larger institutions. None of the respondents though seemed to be able to accurately quantify the costs of the aspects of the current reporting regime, but if the regulator would be able to assign a concrete number to the various aspects and calculate on that basis the savings that could be achieved, the end result might be more convincing and sold much easier. It will also be necessary persuade a majority of firms to join a potential DRR regime as the responses have shown that a considerable number of firms might choose not to opt-in but rather stay clear of the new process. The FCA recognised that the benefits and costs of a move toward DRR should be shared appropriately across the industry rather than only providing advantage for certain types of firms. As such, this principle would guide the funding model that the regulator would put in place should a DRR approach be adopted.

The joys of deeper integration

Deeper integration between regulators, firms and third-party providers also means that questions regarding liability would reach a whole new level. If, for instance, the relationship between a supervised bank, the company it employs to provide the reporting software and the regulator becomes more entangled, it will be more difficult to say who is responsible in case of misreporting, coding errors or data breaches. Not to mention the reluctance of financial institutions about sharing commercially sensitive information.

With damages from cybercrime expected to cost $6 trillion by 2021 and a large percentage of data breaches in financial institutions attributable to third parties, this disinclination is no surprise. The FCA has moved to tackle these concerns by assuring everyone that “a move to a DRR regime would not change the current data protection laws that govern the way the FCA uses, manages and stores the data that the regulator receives from firms. In terms of regulators having direct access
to firms’ data as raised by some responses, a move to DRR would not necessarily require that regulators ‘pull’ data directly from firms’ systems. One option would be that we express requirements in a machine executable form which firms would then implement. In this scenario, firms’ systems would continue to ‘push’ data to us in accordance with their scheduled reporting requirements.”

The regulator also stressed that a new reporting regime would need to be carefully considered and tested before being introduced.

Application to existing rules

The FCA also asked how to apply the process to existing rules and the feedback consisted of a wide range of replies, which shows the amount of work that needs to be done to find a common way to move forward. It also raised the question to which extend existing rules could be or even should be translated into machine-readable content. While a large percentage of rules is actually unambiguous and could be converted – an estimate with regard to the FCA Handbook is as high as 90% – some rules are principle-based rules. These rules will be difficult to translate into code and many argue that they should not as there is a need for rules that require a judgement, as it can be a very effective tool.

The road ahead (Part 1): Pilot Results

The Pilot project runs until November and the FCA advised that the results will be published as part of a technical paper in the first months of 2019 and updates will be available in the meantime at a dedicated section of the FCA’s website. The technical paper will provide an assessment of the technologies used to develop a DRR prototype during the pilot tests.

The road ahead (Part 2): Step by Step

While the respondents to the FCA’s call for input differed in a number of things, consensus could be found when it came to defining the steps for DRR. The four stages are:

1. disambiguation of reporting requirements;
2. building a common data approach;
3. mapping requirements to firms’ internal systems; and
4. submitting data to the regulators

Digging a little bit into the details of each step and the differing views across respondents, it becomes obvious that how exactly these four stages can be achieved is less obvious: Can disambiguation of reporting requirements be removed by use of machine learning and Natural Language Processing (NLP) techniques or does it require other forms of AI tech to solve it or removed by crowdsourcing interpretation possibly by using blockchain technology?

Everyone agrees on the need for the construction of a common data approach but should this be achieved through a standardised glossary and rulelanguage, a common data model, a semantic ontology, as well as various combinations of these? The other points are equally multifaceted, for instance, the question about data standards and formats produced twelve different possibilities that the FCA is going to evaluate to determine whether they can be applied to the DRR architecture as part of the Pilot. It shows the large number of open questions that need to be addressed, so what has become apparent is that DRR is still at an early stage, hence the differences about the various aspects are to be expected.

It is reassuring that the FCA is committed to the further development of the DRR project and that the regulator appreciates the necessity to take the lead on certain aspects of DRR development. It is furthermore encouraging to see the value of collaboration between regulators across jurisdictions as well as industry involvement expressed also in the view that open source is the way forward.

Thus, the dream of self-executing regulation will remain a dream for a while but at least it looks like we might eventually get there.