The growing need for regulatory reporting change management processes

Historically, regulatory reporting requirements were relatively static with the changes incremental in nature. For the most part, reporting requirements were initiated by policymakers through written announcements, regulators websites, and notices in the Federal Register. The new reporting requirements typically had long lead times and the changes managed by corporate finance/ regulatory reporting functions. Because of implementation schedules and technology challenges, often the reporting solutions were siloed and tactical, involving manual processes.

New data environment and change management

Today’s regulatory data environment is one where the velocity of changes to regulatory reporting has dramatically increased. The complexity of data requirements for regulatory reporting has resulted in interpretative guidance concerning data definition being issued more frequently. The expectation that corporate finance/ regulatory reporting will have sole responsibility for managing the amount of change is no longer feasible. In addition, reporting has introduced the use of new types of data that requires the sourcing of data to span the banking organization. The new environment demands equal ownership by other stakeholders, including business lines, risk, legal, and compliance functions in participating in the planning, monitoring, and implementing of changes.

Information about reporting requirements now comes regularly from many other sources, including interpretations, supervisory expectations, and the report clearance process that is required by the Paperwork Reduction Act. Requirements are now often embedded in the rule making process (e.g., regulatory capital rules) requiring the detailed analysis of these rules to include a review specifically for reporting implications. In some cases, the concept of reporting is part of international convention, requiring firms to track the activities and recommendations of organizations, such as the Financial Stability Board and the Bank for International Settlement. The increasing number of sources  of changes to reporting requirements creates new challenges in tracking new and revised data requirements.

Adding to the velocity of changes is the number of reports where changes occur on an annual rhythm.  Annual changes can now be expected for not only the Call Report (FFIEC 031/041 or FFIEC 002) and the FR Y-9C (Consolidated Financial Statements of Holding Companies), but also capital and stress-testing related reports (FR Y-14 reports) and interconnectedness/systemic risk report (FR Y-15). All of these factors result in a need for more emphasis on the effectiveness of change management processes, particularly at the largest, most complex firms.

New approach to change management

The increased emphasis on regulatory data requires a different approach to change management.  First, change management for regulatory reporting should now be viewed as a firm-wide activity.  The change management process at organizations with optimized regulatory reporting processes include:

  • Identifying reporting changes,
  • Understanding the impact,
  • Communicating the impact to affected functions/groups within the organization, and
  • Implementing the requirements and rationalizing related systems, processes, and controls.

For every change to data requirements, the following questions should be answered:

  • Is the data available? What technology solutions are needed to provide the data?
  • What is a practical transition period to the new requirements?
  • Do the data changes affect other reporting requirements?
  • How will these requirements impact the firm? Does the requirement create a binding constraint for the firm?  Is there risk from public disclosure?
  • Are new internal controls needed to provide the data?
  • Do the proposed requirements accurately cover the stated purpose of the change or new requirement?

Changes to business strategy, operating model, macro-level system changes, data architecture and systems architecture changes can also impact the “changes” that must be evaluated.

An increasing number of reporting requirements changes comes from interpretative guidance. This guidance can come in several forms, including “transmittal” letters for specific reports, published Question and Answer series, and formal interpretations sent as a result of an institution inquiry. Conceptually, guidance provided in one of these ways does not change the data definition; rather it provides detail on how data definitions should be applied. This guidance may be sent to different parts of a firm, but access to this information may inadvertently not be shared across the firm. An effective change management process should include changes that occur through the regulatory life cycle including interpretive guidance, ensuring all affected stakeholders are aware of the potential impacts to data requirements.

Interaction with policy makers

Interaction with regulators and policy makers during the change management process is a critical step. Having a dialogue with policymakers helps ensure that data requirements are practical, implementation dates are realistic, and the reporting burden associated with data requirements is understood and reduced. For major changes, the change management process should include a process where the firm can express its concerns by actively working with industry groups that are advocating the industry view. Likewise, firms should include in their planning, one-on-one interaction with policy makers to provide feedback on changes, discuss challenges in meeting these requirements, and ask clarifying questions.

Often, institutions are reactive, waiting for a formal proposal to start the change management process. Taking a more reactive approach limits the amount of influence an organization has on a requirement. Instead, the change management process should also include analysis of potential changes through analysis of external events (e.g., regulatory capital changes, accounting changes).  By doing so, discussions can then take place to help inform policymakers’ plans before a formal proposal occurs.

As firms mature their regulatory reporting process from a “report focus only” to a product focus, the importance of communicating the impact of changes at an attribute level to product owners becomes a business imperative. That is, when a regulatory reporting process is derived from a product specification instead of individual report specification, lack of an effective change management program creates the risk that many reports, instead of one, will be misstated based on incorrectly understanding or missing changes to data definitions.

Regulatory reporting life cycle:

Internally-driven change

Changes to reporting requirements are also driven by a firm’s initiatives. Events in business lines, such as technology implementation, data quality improvements, legal entity changes, or onboarding new products can have a direct impact on regulatory reporting. Therefore, planning should occur between the business lines and the data aggregator (e.g., corporate finance). Critical to an effective change management process is early identification of internal change to:

  • Assess the reporting impact and plan for implementing effective processes and controls to address these changes on time
  • Communicate, when necessary, the impact to policy makers

While an essential part of a change management process is identifying the impact of changes to process or data definitions, just as crucial is fully communicating the plans for implementing change.  This includes data needs, constraints, project plans, and schedules (including testing time and when necessary, an internal audit review). Communicating such plans requires disciplined communication protocols where all information is shared between corporate finance, business lines, technology, internal audit, legal, and compliance.

Communication plan

Firms with an optimized regulatory reporting process have regularly scheduled communication with data providers (business lines) and corporate finance (or other data aggregator) on regulatory reporting change initiatives. Through these discussions, a clear understanding is established of who is responsible for project deliverables and possible technology solutions to address new data needs. These firms also have well defined processes and points of contacts to engage in dialogue on specific data issues or broad policy areas that are related to reporting requirements.

Failed regulatory reporting remediation efforts often have a common theme.  Improvements made at a given point in time may be unsustainable because of a lack of an integrated change management process.  Implementing a firm-wide regulatory reporting change management program may be critical to responding to an increase in regulatory demand and sustaining continuous improvement. To achieve an effective regulatory reporting change management program, firms should:

  • Have a firm-wide change management program that identifies possible reporting requirements from broader regulatory initiatives.
  • Cultivate relationships that allow firms to influence the implementation of data requirements through interaction with regulators.
  • Conduct regularly scheduled communication with finance/corporate regulatory reporting

Authors:

Marjorie Forestal
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Irena Gecas-McCarthy
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Dmitry Gutman
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Ken Lamar
Independent Senior Advisor to Deloitte & Touche LLP

Chris Spoth
Managing Director | Deloitte Risk and Financial Advisory
Executive Director, Center for Regulatory Strategy, Americas
Deloitte & Touche LLP

Marco Kim
Consultant | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this article.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2018 Deloitte Development LLC. All rights reserved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s