News & Insights
The growing complexity of regulatory requirements including in the reporting space is prompting FIs to rethink their approach to compliance, says Ed Probst.
The growing intensity of regulatory scrutiny across Asia Pacific is prompting a profound rethink in the way regulated institutions approach regulatory compliance.
The ever-greater complexity of data reporting requirements, the need for enhanced risk tools and analytics, and more intrusive supervision is driving firms to seek third party solutions to mitigate the distraction and cost associated with change projects.
A generational shift in APAC’s approach to regulation
Countries across the region are embarking on a fundamental shift in the way they view financial services regulation, from both a legislative and day-to-day compliance perspective.
In the years immediately prior to the global pandemic, regulators from Singapore, Australia, and Hong Kong led the way adopting more advanced regulatory reporting regimes with much improved supervisory oversight.
More recently, Basel III reforms are having a significant impact on credit, market, operational and liquidity risk requirements, demanding a far more detailed assessment of the financial health of firms as the rules are steadily rolled out in each market.
To support the implementation and ongoing assessment of these reforms, for example, the Australian Prudential Regulation Authority (APRA) has set an ambitious roadmap for authorised deposit-taking institutions and Superannuation entities, seeking to replace all template-based forms with granular data reporting requirements.
Meanwhile, Bangko Sentral ng Pilipinas’ (BSP) new API-based (Version 15) reporting obligations has marked a first step to consolidate, validate, and submit up to 250 templates based on Extensible Markup Language (XML).
With regulators now increasingly focused on rigorous and ongoing analysis of regulated institutions, we now are seeing a far more pivotal shift in regulatory compliance – and one that is far more onerous – based on substantial data reporting programmes where banks can no longer afford to have multiple siloed point solutions publishing the same data sets.
This transition can be further evidenced by regulators such as the Bank of Thailand (BOT) also rolling out a multi-year Regulatory Data Transformation project to enhance its supervisory oversight. The multi-year program includes collecting Granular Data Sets – through APIs – across a variety of different products.
The phased approach begins with credit data before moving to data sets related to payments, FX/derivatives, and securities. The BOT is seeking to establish an industry standard data model, which will eventually help align with international standards and reduce data processing steps for financial institutions, while increasing reporting efficiency.
Move from ‘push’ to ‘pull’ data collection models
The principal of sharing data with regulatory authorities is well established. It allows authorities to collect comparable information across regulated firms, challenge management teams, and form policy positions to address areas posing a risk to their objectives.
It has historically taken place as part of broad sweeping information requests, provided in a range of styles and formats. However, as we can see regulators are now dictating detailed, extensive, and precise data requirements, signalling a gradual move from a ‘push’ to a ‘pull’ collection model based on consistent industry-wide APIs.
Such models are designed to enable regulators to download, interrogate, and interpret data in real-time, generating detailed risk and compliance analytics and providing a valuable tool to judge the execution of a firm’s strategy and viability of their business plan.
Along these lines, India is making stabilisation changes to its data reports, alongside new requirements on its Centralized Information Management System (CIMS), while Singapore is building a data collection gateway as part of its balance sheet report transformation.
Hong Kong’s Granular Data Reporting (GDR) programme is very similar to Thailand’s Regulatory Data Transformation, featuring a multi-year program to collect residential mortgage, corporate, interbank loan and debt securities information. This will allow the regulator to perform detailed analytics using new data mining capabilities.
Whether to shift to a managed service model solution
While a valuable tool in the armoury of regulators, these more stringent requirements impose substantial cost and complexity on regulated firms who must ensure they have the necessary infrastructure in place to meet spiralling data obligations. It is a significant undertaking to ensure firms have the necessary technology infrastructure to comply.
Building that capability in-house can present a number of challenges given the need to employ large and senior teams of industry specialists across compliance, IT, and security, who can typically get caught up in day-to-day troubleshooting. It also poses a significant distraction effect for senior management, drawing their attention away from running the business.
Nevertheless, many larger and more complex institutions that are less able to move away from entrenched legacy systems and infrastructure have continued along this path, attracted by the internal control and oversight of their tech architecture.
While firms can outsource the function of compliance, they can’t outsource the overall responsibility. The combined impact of these new requirements is therefore giving rise to a balanced, partnership approach where institutions are increasingly looking to outsource their technology and systems to service providers.
This allows for leaner teams, while also maintaining sufficient in-house skill and capacity to oversee implementation programs and provide day-to-day support. This approach also benefits from being delivered via SaaS and deployed in the cloud, supporting a faster deployment process, reducing inefficiencies, and allowing regular software upgrades.
With a far higher level of scrutiny, the industry can anticipate a far more rigorous enforcement regime, in much the same way regulators across Europe enforced the implementation of MiFID II in 2018. Failure to get data reporting right represents a significant legal and regulatory risk.
The level of sophistication required to navigate these challenges necessitates extensive third-party expertise and can be a substantial technology undertaking. When selecting third party providers, firms must ensure that those third parties have the necessary regulatory understanding, business knowledge, and the technology capable of addressing their needs. That can only come from a rigorous assessment of their track record.
The demand for these services is therefore fostering a burgeoning regulatory technology industry, where external providers are able to pool global talent and draw on best practice across the world. And crucially, allows firms to stay focused on running and growing their business.
Latest articles
This data feed is not available at this time.