tech cloud data and compliance
FinanceComplianceMarch 25, 2019

Tech, cloud, data and compliance

Despite the wide availability of regulatory reporting solutions, many financial institutions in APAC - particularly smaller ones - continue to rely heavily on manual processes to fulfil their regulatory reporting obligations. This may be due to a number of reasons, some resource-related, others based on perceptions or cultural norms.

New cloud-based deployment models though, can help smaller institutions overcome barriers to implementing more automated processes, resulting in more resilient regulatory reporting at a time when regulators are signalling a more proactive approach to enforcement.

Key APAC regulators have introduced requirements for more detailed submissions. These include the Monetary Authority of Singapore's (MAS) 610 returns and the Economic and Financial Statistics (EFS) reporting procedures in Australia. Meanwhile, in Hong Kong, the MA(BS)12 return now incorporates Basel's Interest Rate Risk in the Banking Book (IRRBB), which adds to both the reporting requirement and the underlying calculations, while we are also anticipating regulations such as the new Securities Financing Transactions Regulation (SFTR) reporting rules to impact institutions across APAC in the near-term future.

It's becoming clear that firms that invest properly in automation to comply will enjoy significant operational benefits, among them enhanced transparency around internal business processes.

Complex regulatory reporting requirements require new approaches

More than ever before, financial institutions are required to produce much more granular information for regulators at higher frequencies. To create these reports, they need to integrate data from many different systems, often submitting machine-readable files while providing full traceability from submissions back to the underlying source data.

This represents a significant challenge, particularly for smaller institutions with smaller teams, and it coincides with a growing appetite among senior bank management for leveraging more granular and higher-quality information and insight into existing and new market segments in order to increase competitiveness and boost profitability.

At the same time, regulators in the APAC region are indicating that they will be looking for market players of all sizes to comply with their reporting obligations.  MAS recently released a supervisory toolkit for fund managers in the hopes of encouraging firms to get their reporting act together, acknowledging that the asset management industry in Singapore is continuing to go through "a period of rapid change, driven by regulation, narrowing margins, changing investor requirements and the growing use of new technologies"

Lack of automation in the regulatory reporting space has numerous disadvantages

Through many conversations and interactions with smaller financial institutions across APAC, we have found that many firms continue to take a largely manual approach to regulatory compliance. In many cases, firms rely on internal spreadsheets and macros, which offer the comfort and convenience of established, familiar procedures while enabling business users to easily visualize and organize data in a universally accepted format.

But this approach is prone to human error and brings with it numerous control risks, and this represents too high a price to pay for many firms, as they face the challenge of greater regulatory complexity and a more proactive approach to enforcement among regulators.

Allowing staff to modify data held in applications, formulas and spreadsheets greatly increases the incidence of bad data, whether in the form of inconsistencies or inaccuracies. This kind of manual approach also makes it difficult to establish a clear audit trail, and limits extensibility and scale.

For example, when asked about the most suitable method to ensure data quality, 85.8% of senior executives who participated in the research which Wolters Kluwer conducted in association with a leading financial publication in 2018, selected automation of controls and reconciliation.

Faced with these challenges, it seems unlikely that many banks in APAC will be able to continue to achieve regulatory compliance without an appropriate level of automation and control. As a result, we see increasing numbers of them concluding that it's time to take a different tack, and turning to new technologies for help.

Key to this is the emergence of robust cloud-based service models, which are making sophisticated regulatory reporting capabilities available to smaller financial institutions at lower cost than on-site deployments.

The case for automated regulatory reporting solutions

In line with global norms, regulators in APAC are placing greater emphasis on the qualitative aspect of report automation. It is no longer sufficient to just have the right answer; banks must also explain how the answer was derived. Financial institutions need to demonstrate quality of data and are increasingly discouraged from using manual processes in regulatory reporting and other important business functions.

By automating the various stages of regulatory reporting - from data acquisition to aggregation, regulatory calculations and classifications - banks can enhance the accuracy of reports and create a clear audit trail in which the entire data flow leading up to final reported numbers is visible.

Automation also facilitates the centralization and harmonization of data from the various organizational silos (such as finance and risk) that need to contribute to regulatory reports, creating a single source of truth that simplifies the sourcing and verification of data and underpins all reporting activities. Banks can also leverage this valuable information for management reporting and better strategic decision-making. Specifically, the use of a global, standardized and flexible data model can allow firms to meet the specific needs of local regulators, while harnessing financial intelligence across all their areas of activity.

As regulators look for an integrated approach to risk and finance-enabled regulatory compliance and reporting, firms adopting a reporting platform underpinned by a unified and flexible data framework are able to consolidate regulatory data in a single repository and ensure the agility required to respond to unpredictable future change. Integrating regulatory calculations, such as regulatory capital or liquidity computations, with regulatory reporting yields substantial benefits in terms of accuracy, audit trail, minimized adjustments, minimum reporting time and cost.

While the industry is digesting the impact of a big regulatory overhaul of initiatives such as the MAS 610 returns and the Economic and Financial Statistics (EFS) reporting which are to come into practice soon, it is recommended that firms also consider solutions which help them limit their exposure to regulatory change.  Automatic updates to data requirements and out-of-the-box business logic based on any changes to regulatory calculations, forms, validation rules and delivery can help firms rest assured that they are meeting their regulatory obligations at all times.

So why haven't smaller institutions rushed to automate their regulatory reporting?

Smaller firms may be aware of the need for automation, but some remain hesitant to take the plunge. Why?

Costs, internal barriers and the difficulty of finding the right technology partners may all hold institutions back. Typically, smaller financial institutions lack the resources and formalized processes that can make it easier for large banks to automate. Having generally smaller teams, they are more susceptible to key-person risk; reporting responsibilities may rest with just a handful of people who have built up manual processes over time with which only they are familiar. Any move to streamline what's worked for years may be perceived as potentially disruptive, creating unnecessary risks.

An incremental approach to automation

But automation doesn't necessarily involve an extensive, expensive or disruptive implementation. New requirements and existing infrastructure differ by institution; banks are at various stages along the automation journey. This points to the need for a modular approach consisting of components that can be combined and deployed flexibly to address different needs.

A modular solution enables credit unions and small-sized institutions to automate in an incremental way; for example, starting with the general ledger then moving on to more granular calculations and financial instrument data.

With each step toward full automation, resources are freed up to support future implementations. Automation also brings more accurate and transparent data, enhancing risk and performance management and improving decision-making across the board.

Any new IT implementation needs to be accompanied by the right personnel strategy. Staff currently running manual processes may see automation as a threat, so it's essential to convince them that with automation doing the heavy-lifting, they can be freed to use their expertise to make true value-added contributions.

Creating a governance structure and a center of responsibility for the usage and control of data across various business segments is also key. In larger banks this tends to rest with the CIO.   We are seeing a similar shift within small-sized banks and non-bank financial institutions where the IT function is being leveraged in similar way to facilitate data governance across finance, risk and reporting.

Benefits of on-cloud deployment

Best practice guidance around on-cloud deployment which regulators such as MAS and APRA have recently issued are helping banks pave the way for greater adoption of cloud computing.

Having overcome many of their initial reservations, financial services companies are embracing cloud-based solutions as a way to address complex requirements flexibly and cost-effectively.

Early concerns revolved around a number of factors. Security was one; firms were reticent about placing their data, their clients' data and key processes into an environment operated by others, for fear of breaching confidentiality agreements. These concerns have largely been assuaged by the hybrid public/private cloud model and the strong track record of service providers.

Firms were also worried about costs. Although cloud can recast capital expenditures as operating expenditures, there was early concern that service provider charges could spiral. Again, experience has proved that a robust commercial agreement can avoid hidden charges going forward.

As with other new initiatives, smaller firms in particular were concerned they lacked the necessary resource or expertise to deploy emerging cloud services. However, as the segment has matured, offerings have become more productized, making it easier for smaller organizations to implement them. Governance and control also featured strongly in firms' objections. Fears of a lack of rules or processes around access and usage of cloud services, and the resulting loss of control, have also receded as offerings have become more sophisticated.

With regulators acknowledging cloud as an accepted mechanism for mainstream applications, so have they bowed to their use in regulatory situations. This has provided the necessary comfort for firms concerned that their compliance programs would not be accepted if reliant on externally hosted solutions. Finally, as cloud-based service offerings have matured, performance levels have risen, addressing initial concerns in that regard.

What's clear is that cloud deployment can bring a raft of benefits, particularly for smaller institutions that lack the internal resource to meet the increasingly complex and onerous reporting obligations required by regulators.

Through a carefully managed cloud deployment, firms can not only enjoy cost efficiencies, as application costs are shared across customers, but also greater predictability of cost as they switch from CapEx to OpEx. Cloud-based clients can be on-boarded rapidly, which translates into far faster time to market than traditional on-premise deployments.

Cloud computing, moreover, has been designed to scale to meet new demands. This creates a more flexible capability for firms, allowing them to consume more services as they grow. Finally, by outsourcing hosting and management of non-core support activities, cloud allows banks to focus on business as usual, allowing internal teams to translate their expertise into value-added contributions.

Given these benefits, it's becoming evident - particularly to smaller players - that a cloud-based deployment model would be a good fit for meeting their regulatory reporting automation needs, as it would make the overall infrastructure, platform and software costs related to automation much more affordable when compared with a traditional on-premise deployment.

It is important, however, that thinking about new ways of deploying technology doesn't eclipse other pain points which firms have been grappling with.  An automated solution which goes "out of date' every time regulations change or are updated could become a costly white elephant to maintain. The ability to limit exposure to regulatory change should be a pre-requisite during the solution evaluation process.


Although they may face challenges initially, small-sized financial institutions should not hesitate to grasp the automation opportunity. The pace of new regulatory requirements may be easing, but regulatory complexity, time to compliance and regulatory scrutiny are not.

OneSumX for Finance, Risk, and Regulatory Reporting Solution Suite
The best-in-class integrated solution suite for finance, risk, regulatory compliance and reporting, enriched with value-added content from our experts.
Back To Top