Optimizing your legal entity regulatory reporting process
Background for legal entity reporting
Depending upon the legal entity structure and headquarters of a parent bank, several different reporting forms are used to identify legal entities and associated information, including their purpose and type of legal form. This information is used for monitoring compliance with laws and regulations including by the Federal Reserve Board of Governors (“Federal Reserve”): the Dodd-Frank Act, the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, Regulation Y (Bank Holding Companies and Change in Bank Control), Regulation YY (Enhanced Prudential Standards), and Regulation QQ (Resolution Plans). This information is also an important component in regulators determining an institution’s level of complexity.
As events occur that affect a firm’s organizational structure, a report is filed to record the event driven (FR Y-10, Report of Changes in Organizational Structure). Annually, the end of the parent company fiscal year, a report is submitted that includes an organization chart and information concerning shareholders and public financial statements (FR Y-6, Annual Report of Holding Companies1, and FR Y-7, Annual Report of Foreign Banking Organizations2). The information from the event-driven forms are compared to the annual organizational chart. All of this information is commonly referred to as banking structure data.
These are foundational regulatory reports that impact activities in regulatory compliance, reporting, and disclosure. The information on these data collections include information at the legal entity level including legal entity description (e.g., type), ownership (types of control and investment), business activities, and regulatory authority. Regulators integrate this information with financial data to understand and monitor the condition and risks of bank holding companies and foreign banking organizations. The users of the structure information encompass a broad spectrum of stakeholders, including examiners, analysts, and policymakers within the Federal Reserve; other regulators such as the Office of the Comptroller of Currency and the Federal Deposit Insurance Corporation; and the public (very little of this data is confidential).
Challenges and risks
Like financial regulatory reporting, ambiguity around ownership and accountability of reporting legal entity data have emerged as a common challenge across organizations. Large banking organizations—both US and non-US headquartered—with global operations face unique challenges in maintaining a centralized and robust framework to collect legal entity data consistently and timely to produce accurate reports.
Traditionally, the responsibility for banking structure data resided outside the corporate finance function and resided mainly in Legal and the Corporate Secretary (or equivalent office). This was effective when most of the reporting was related to corporate actions (e.g., mergers, and entity formations). However, the growth of the information collected on the banking structure now requires information to be sourced from different business units and functions throughout a firm.
Since most of the reporting requirements are based on Federal Reserve regulations—specifically Regulation K (International Banking Operations)3 and Regulation Y (Bank Holding Companies and Change in Bank Control)4—this requires data owners to have a knowledge of technical legal knowledge of these regulations. The need for deep technical knowledge and the increased regulatory expectations for data quality are both trends driving the responsibility for banking structure reports to shift closer to financial reporting. This enables institutions to leverage existing polices and quality assurance procedures for financial reporting to the banking structure data.
Many large institutions are now beginning to focus on to implementing a robust, well-controlled process around the production of these reports to remediate the following issues:
Incomplete or inaccurate structure reporting of the FR Y-10 report also impacts other reporting, most notably stand-alone financial reporting for certain subsidiaries of holding companies and foreign banking organizations (FR Y-11/11S, Financial Statements of US Nonbank Subsidiaries of US Holding Companies), FR 2314/FR 2314S, Financial Statements of Foreign Subsidiaries of US Banking Organizations), and FR Y-7N/7-NS, Financial Statements of US Nonbank Subsidiaries Held by Foreign Banking Organizations)). If legal entities are not properly identified, these reports might not be filed – or conversely – filed when they are not required.
A key factor that leads to poor data quality is determining “reportable entities.” Most firms can easily identify entities that are consolidated in financial statements. However, the FR Y-10, FR Y-6, and FR Y-7 use Regulation Y and K (as applicable) for the definition of “control” in determining reportable entities. These definitions of “control” are highly technical and often require legal input based upon interpretations of the Bank Holding Company Act or other regulations. This could mean an investment of just 5 percent can result in a reportable entity. Therefore, communicating the complexity of what constitutes a reportable entity throughout a firm is a significant challenge.
Poor data quality on the banking structures present compliance risk. For example, the FR Y-10 impacts merchant banking entities for which the financial exposure is monitored on FR Y-12A (Annual Report of Merchant Banking Investments Held for an Extended Period) where merchant banking investments are approaching the end of the holding period permissible under Regulation Y. In addition, certain merchant banking investments may be considered “affiliates” under Regulation W (Transactions between Member Banks and their Affiliates) and other bank regulatory rules regarding affiliate transactions and financial impact on the FR Y-8 (The Bank Holding Company Report of Insured Depository Institutions’ Section 23A Transactions with Affiliates).
Industry practices and insights
For legal entity reporting (as part of the overall framework for regulatory reporting), institutions that have invested in improving their underlying data and supporting governance frameworks have seen a noticeable improvement. We have identified some of the common industry trends that can be an effective tool in enhancing reporting quality.
As we previously discussed in our POV on the maturity of regulatory reporting at banking organizations, regulators expect all regulatory reporting—including structure reporting—to be governed by a comprehensive framework with clearly identified roles and responsibilities and standards for compliance, including monitoring and escalation. Including structure reporting into the overall regulatory reporting governance framework can help with consistency of reporting and better alignment between reporting teams. An important step in a functioning governance structure is implementing an effective accountability policy. By doing so, data owners are identified and are responsible for the quality of the information they own. The banking structure data should align with the financial reporting accountability policy.
As part of accountability frameworks, a well-designed training program should exist for the report preparation staff and individuals contributing to reporting process, including lines of business personnel. Structure reporting-related content is expected to be part of the regulatory reporting training program, with both report-specific training (e.g., FR Y-10 report training), as well firm-specific legal entity lifecycle training.
The banking structure data can require hundreds, if not thousands, of annual filings. Without thoughtful review of process and controls, firms may expend significant costs and risk of misstatement. Aligning these processes with effective controls environment already in place for financial reporting is a first step in reducing these risks.
A comprehensive controls framework is at the foundation of regulatory reporting. Institutions are implementing controls around legal entity/structure reporting with a focus on the end-to-end reporting flow, from the area that initiates entity changes, through the systems of record, to the reporting unit responsible for filing the reports, along with reconciliation between these various reports and compliance systems. There should be a close connectivity in outlining Legal, Finance, and Compliance’s roles in advising, production, monitoring, and testing.
One of the challenges with legal entity reporting is determining timeliness of filings based upon the FR Y-10 requirements and other related licensing and approval requests that are linked to a change in bank control considerations or financial holding company5 and bank holding company requirements. Lines of business responsible for driving entity changes need to design controls to proper identify a reportable event, document required data attributes, and promptly communicate the changes to reporting team to allow for timely reporting.
An important aspect of controls with legal entity information is building business rules that validate the attributes for all reporting items. This can be done by understanding the requirements of Regulation K, W, Y, QQ, and YY and the definitions and relationships between reports, line items, and schedule of the FR Y-6, FR Y-7, FR Y-10, FR Y-8, and the FR Y-12/12A. Other examples of reporting controls performed by reporting unit include reconciliation between firm’s legal entity organizational chart to the FRB Tiering report that incorporates data from FR Y-10 report filings at a point in time. A key reconciliation would be between the FRY-10, FR Y-6 or FR Y-7 reports, which are annual in nature, and the Federal Reserve’s Organization Structure and Hierarchy information available on the National Information Center (NIC). In addition to the annual reconciliation, it is a good practice to compare NIC data to the firm’s legal entity chart on an ongoing basis.
Institutions are expected to have effective data governance and data management capabilities for legal entity reporting as the framework that is in place for financial and risk data. The framework components would typically include the same documentation, control, accountability, reconciliation, and issue/escalation reporting and tracking standards for legal entity reporting as it does for financial and risk data. Similarly, legal entity reporting should be part of the firm-wide data quality and integrity programs, inclusive of the business lines that are responsible for originating legal entity activities and changes. This may include formalizing and defining data elements impacting the reports, and establishing data quality controls around systems and databases capturing reportable events and maintaining legal entity-related data.
The FR Y-10 is separated into eight schedules. Each schedule collects information on specific types of legal entities and events. The Banking, Nonbanking, and Savings and Loan Schedules collect general information about these types of entities (e.g., location, opening dates, SEC status, identification numbers (e.g., LEI)), and the legal form of the organization. These schedules also have ownership section that covers the amount and type of ownership of the organization. These are the most complex of the reporting concepts for the FR Y 10 and require an understanding of the control definitions in Regulation Y and legal formation of the reporting entity. The last section of these schedules covers the authority and activities the organizations conducts. Careful consideration should be give the Legal Authority Code and Activity Code to avoid conflicts in the ability to carry out an activity of under a specific authority. The Nonbanking Schedule has a unique item that identifies the “functional regulator.” Additional attention should be given to this field since it is critical determining factor on deciding if a legal entity is required to submit other regulatory reports (e.g., FR Y-11, FR Y-7N).
The Merger, Domestic Branch, Foreign Branch Schedule, and US Branch and Agency schedules capture the characteristics of events and of the reportable entity. In these schedules, careful attention should be given to the dates used since these dates will determine when certain regulatory reports will be required.
The last two schedules the 4K and Large Merchant Banking Schedule are used to monitor compliance with regulation. The 4K schedule serves as post notification of activities related Section 4K of the Bank Holding Company. The Merchant Banking Schedule is used to monitor large Merchant Banking Investment and should align with the reporting on the FR Y-12 and FR Y-12A.
Legal entity management
Many firms have commenced legal entity rationalization efforts that have included reviews for each legal entity and classifying its purpose, status, and potential for streamlining. This process is the result of firms realizing that:
(1) Banking organizations with multiple intermediate holding companies and special purpose entities contribute to complexity in legal entity structure and can complicate the resolution planning process;
(2) The cost of administrative support and reporting requirements of the enterprise can potentially be reduced with a streamlined legal entity structure; and
(3) There is a significant risk for booking errors through the booking structure across and between entities on an intercompany basis.
Legal entity reporting is a useful tool in understanding current entity (organization) structure and the purpose of each entity, and together with other internal/management reporting provide a starting point for the legal entity analysis that has been enriched for resolution planning purposes. Balancing the business structure and activities of the enterprise across its geographical footprint presents new challenges when reconciling against the legal entity rationalization requirements for resolution planning. The focus is beyond the typical organizational structure challenges of the relevance of all the entities and where business is being conducted day to day. Banks have to focus on the resiliency and resolution of those entities from client, affiliate, and creditor considerations, as well as the potential legal and regulatory obstacles for each jurisdiction where they have operations.
2 The current reporting form is available here and the current instructions are available here.
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.
Copyright © 2018 Deloitte Development LLC. All rights reserved.