Historically, regulatory reporting requirements were relatively static with the changes incremental in nature. For the most part, reporting requirements were initiated by policymakers through written announcements, regulators websites, and notices in the Federal Register. The new reporting requirements typically had long lead times and the changes managed by corporate finance/ regulatory reporting functions. Because of implementation schedules and technology challenges, often the reporting solutions were siloed and tactical, involving manual processes.
New data environment and change management
Today’s regulatory data environment is one where the velocity of changes to regulatory reporting has dramatically increased. The complexity of data requirements for regulatory reporting has resulted in interpretative guidance concerning data definition being issued more frequently. The expectation that corporate finance/ regulatory reporting will have sole responsibility for managing the amount of change is no longer feasible. In addition, reporting has introduced the use of new types of data that requires the sourcing of data to span the banking organization. The new environment demands equal ownership by other stakeholders, including business lines, risk, legal, and compliance functions in participating in the planning, monitoring, and implementing of changes.
Information about reporting requirements now comes regularly from many other sources, including interpretations, supervisory expectations, and the report clearance process that is required by the Paperwork Reduction Act. Requirements are now often embedded in the rule making process (e.g., regulatory capital rules) requiring the detailed analysis of these rules to include a review specifically for reporting implications. In some cases, the concept of reporting is part of international convention, requiring firms to track the activities and recommendations of organizations, such as the Financial Stability Board and the Bank for International Settlement. The increasing number of sources of changes to reporting requirements creates new challenges in tracking new and revised data requirements.
Adding to the velocity of changes is the number of reports where changes occur on an annual rhythm. Annual changes can now be expected for not only the Call Report (FFIEC 031/041 or FFIEC 002) and the FR Y-9C (Consolidated Financial Statements of Holding Companies), but also capital and stress-testing related reports (FR Y-14 reports) and interconnectedness/systemic risk report (FR Y-15). All of these factors result in a need for more emphasis on the effectiveness of change management processes, particularly at the largest, most complex firms.
New approach to change management
The increased emphasis on regulatory data requires a different approach to change management. First, change management for regulatory reporting should now be viewed as a firm-wide activity. The change management process at organizations with optimized regulatory reporting processes include:
For every change to data requirements, the following questions should be answered:
Changes to business strategy, operating model, macro-level system changes, data architecture and systems architecture changes can also impact the “changes” that must be evaluated.
An increasing number of reporting requirements changes comes from interpretative guidance. This guidance can come in several forms, including “transmittal” letters for specific reports, published Question and Answer series, and formal interpretations sent as a result of an institution inquiry. Conceptually, guidance provided in one of these ways does not change the data definition; rather it provides detail on how data definitions should be applied. This guidance may be sent to different parts of a firm, but access to this information may inadvertently not be shared across the firm. An effective change management process should include changes that occur through the regulatory life cycle including interpretive guidance, ensuring all affected stakeholders are aware of the potential impacts to data requirements.
Interaction with policy makers
Interaction with regulators and policy makers during the change management process is a critical step. Having a dialogue with policymakers helps ensure that data requirements are practical, implementation dates are realistic, and the reporting burden associated with data requirements is understood and reduced. For major changes, the change management process should include a process where the firm can express its concerns by actively working with industry groups that are advocating the industry view. Likewise, firms should include in their planning, one-on-one interaction with policy makers to provide feedback on changes, discuss challenges in meeting these requirements, and ask clarifying questions.
Often, institutions are reactive, waiting for a formal proposal to start the change management process. Taking a more reactive approach limits the amount of influence an organization has on a requirement. Instead, the change management process should also include analysis of potential changes through analysis of external events (e.g., regulatory capital changes, accounting changes). By doing so, discussions can then take place to help inform policymakers’ plans before a formal proposal occurs.
As firms mature their regulatory reporting process from a “report focus only” to a product focus, the importance of communicating the impact of changes at an attribute level to product owners becomes a business imperative. That is, when a regulatory reporting process is derived from a product specification instead of individual report specification, lack of an effective change management program creates the risk that many reports, instead of one, will be misstated based on incorrectly understanding or missing changes to data definitions.
Regulatory reporting life cycle:
Changes to reporting requirements are also driven by a firm’s initiatives. Events in business lines, such as technology implementation, data quality improvements, legal entity changes, or onboarding new products can have a direct impact on regulatory reporting. Therefore, planning should occur between the business lines and the data aggregator (e.g., corporate finance). Critical to an effective change management process is early identification of internal change to:
While an essential part of a change management process is identifying the impact of changes to process or data definitions, just as crucial is fully communicating the plans for implementing change. This includes data needs, constraints, project plans, and schedules (including testing time and when necessary, an internal audit review). Communicating such plans requires disciplined communication protocols where all information is shared between corporate finance, business lines, technology, internal audit, legal, and compliance.
Firms with an optimized regulatory reporting process have regularly scheduled communication with data providers (business lines) and corporate finance (or other data aggregator) on regulatory reporting change initiatives. Through these discussions, a clear understanding is established of who is responsible for project deliverables and possible technology solutions to address new data needs. These firms also have well defined processes and points of contacts to engage in dialogue on specific data issues or broad policy areas that are related to reporting requirements.
Failed regulatory reporting remediation efforts often have a common theme. Improvements made at a given point in time may be unsustainable because of a lack of an integrated change management process. Implementing a firm-wide regulatory reporting change management program may be critical to responding to an increase in regulatory demand and sustaining continuous improvement. To achieve an effective regulatory reporting change management program, firms should:
This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this article.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.
Copyright © 2018 Deloitte Development LLC. All rights reserved.