The regulatory reporting regime for banks and investment firms in the UK is unduly complex. Regulated firms are required to follow guidance from numerous regulatory sources and have to grapple with concurrent regulations requiring submission of data at an increasingly more granular level. This not only increases the risk of misreporting and supervisory sanctions and penalties, but also strains firms’ internal systems and resources.

Given a constantly evolving regulatory reporting framework, determining how best to define ‘full compliance’ with the complex set of requirements has been a source of concern to firms. The Prudential Regulation Authority’s (PRA) Rulebook and the Financial Conduct Authority’s (FCA) Handbook summarise regulatory reporting requirements, listing data items, corresponding submission frequencies and reporting periods applicable to each type of firm, categorising them according to which Regulated Activity Group (‘RAG’) they fall into. But the language of the regulatory guidelines often makes this process unnecessarily complicated. In addition, these guidelines don’t include all regulatory reporting requirements, so firms also have to refer to other regulatory sources.  

At the EU-level, the European Banking Authority’s (EBA) regulatory reporting requirements for banks and investment firms - the Common Reporting (COREP) and Financial Reporting (FINREP) - were supposed to standardise these complex regulatory reporting requirements across the EU and streamline the reporting process for firms. But the regulatory reporting framework remains as complicated as ever, with firms having to navigate a complex array of criteria to determine which reporting templates would apply to them.

For instance, COREP is applicable to banks and investments firms which are regulated under the Prudential Sourcebook for Investment Firms (IFPRU). It requires consolidated reporting as well as solo reporting on an entity-by-entity basis unless the competent authority waives solo reporting, subject to certain conditions. This means that groups consisting of more than one entity are required to report on a consolidated basis and engage with the regulators to find out if solo reporting would apply to them. Given COREP templates differ for solo and consolidated reporters this may have implications for their data reporting processes.

FINREP, on the other hand, is applicable to publicly traded banks reporting on a consolidated basis (i.e. those which are subject to Article 4 of Regulation (EC) No 1606/2002 which refers to consolidated accounts of publicly traded companies) and to those firms that prepare their financial returns under International Financial Reporting Standards (IFRS). It also applies to publicly traded IFPRU investment firms on a consolidation group basis, which include firms which are subject to Capital Requirements Directive (CRD IV) and hold client money and custody assets, operate Multilateral Trading Facilities or undertake proprietary trading or underwriting activities.

To make matters more challenging, the PRA subjects firms that fall outside the scope of Capital Requirements Regulation (CRR) Article 99(2) to a set of ‘limited-scope FINREP’ requirements. Firms in scope of the limited FINREP framework include third-country bank branches, PRA-designated investment firms and non-publicly traded banks outside the scope of CRR Article 99(2). Firms subject to the limited-scope FINREP requirements are required to submit their regulatory returns through certain FINREP templates found at the relevant Annex of the Commission Implementing Regulation (EU) No 680/2014, which sets out Implementing Technical Standards (the ‘Supervisory Reporting ITS’) for firms that have adopted IFRS. These firms also have to take into account an exemption rule for reporting on a consolidated basis where the reporting entity's total assets exceed 95% of the UK consolidated group. These rules are not static, and require firms to remain vigilant for any updates. For instance, the PRA is currently planning to extend the scope of new FINREP templates such as the non-performing loan and forborne exposure templates to banks, which are currently not required to submit FINREP templates.  

Adding another layer of complexity, the EBA reporting templates that firms are required to use depends on whether they prepare their returns based on the EU-adopted IFRS or UK Generally Accepted Accounting Practice (GAAP). It also depends on whether they are opting into the IFRS 9 loan impairments regime or not. The PRA requires those firms that do not have to comply with full-scope FINREP requirements but choose to implement IFRS 9 to report certain FINREP templates on both an individual and consolidated basis. Templates differ depending on if the reporting firm has a balance sheet size of over below £5 billion or not. The PRA also requires that certain firms that do not apply IFRS 9 must report certain FINREP templates. 

For investment firms, the regime gets even more difficult to grasp depending on whether they are dual-regulated by the FCA and the PRA ('PRA-designated investment firms') or solo-regulated by the FCA. In particular, those investment firms which are solo regulated by the FCA have differing requirements depending on their types. For instance, firms that fall within the scope of the regulator’s prudential sourcebook for Banks, Building Societies and Investment Firms (BIPRU), which include those agency brokers and discretionary portfolio managers which are outside the scope of CRD IV, are not subject to COREP and FINREP requirements. Instead, they are required to submit FSA returns depending on their types. BIPRU 50K firms are required to submit only capital reporting templates, BIPRU 125K firms are required to submit capital reporting, market risk, credit risk templates and BIPRU 730K firms are subject to the full suite of FSA reporting. That’s not all. Individual Liquidity Adequacy Standard (ILAS) and non-ILAS BIPRU investment are also subject to separate FSA reporting requirements.

Firms subject to IFPRU, on the other hand, are subject to COREP requirements (except liquidity reporting) and to FINREP on consolidation group basis for listed groups. They are also subject to Pillar 2 regulatory reporting requirements through submission of FSA templates. These reporting requirements also vary depending on the size of the firm. For instance, IFPRU 730K firms are also required to submit EBA ITS resolution planning templates unless they are under simplified obligations.

Firms have to juggle a plethora of additional reporting requirements, ranging from Bank of England’s statistical reporting requirements to the PRA’s balance sheet and P&L forecast data reporting requirements. These rules are usually subject to certain thresholds and applicability criteria. For instance, the PRA’s forecast data templates differ depending on whether the firm uses IFRS or UK GAAP. The PRA also expects selected firms to report on the minimum requirement for own funds and eligible liabilities, (MREL) while the Bank of England subjects certain banks and IFPRU 730K investment firms to data requirements for resolution planning reporting in the form of EBA’s ITS reporting for resolution plans ‘Z templates'. As per the ITS on reporting for resolution plans, this depends on factors such as size, interconnectedness, and scope of activities. The EBA ITS which was finalised on 28 May 2019 has introduced new requirements for resolution to take effect from the end of 2019. Firms in scope whose resolution strategy will not involve the use of stabilisation powers of the Bank of England will be deemed ‘simplified obligations firm’ and will be subject to the PRA’s alternative requirements instead of submitting the Z templates. But firms in-scope for the ITS are required to submit ‘Phase 1’ and ‘Phase 2’ templates until the EBA ITS go in effect.

Another difficulty that firms face is the frequency with which the reporting framework rules change, both at the national and the EU level. The consequence is a substantial degree of effort to ensure continued adherence to the rules, requiring firms to overhaul data, systems and underlying IT architecture to remain compliant. For instance, the EBA regulatory reporting framework has already changed nine times in the last six years, introducing various amendments to COREP and FINREP requirements. With the current reporting framework (framework 2.9), the EBA has moved to a new modular release of amendments to its reporting framework, applying different requirements at different points in time beginning with data as of end-2019. Phase 1 was published in May 2019 while Phase 2 is coming soon. The current framework introduces amendments to align COREP with new securitisation framework and updates FINREP concerning non-performing loans and P&L reporting. It also introduces changes to reporting requirements in the areas of resolution and liquidity coverage ratio.

The EBA's Data Point Model (DPM) - a structured representation of the data requirements included in the ITS on supervisory reporting - identifies all the business concepts and their relations, as well as validation rules to make it easier for firms to develop their IT reporting solutions. But firms are still required to devote substantial resources to monitoring, interpreting and executing regulatory change in line with the amendments to the EBA's reporting framework.  

While the EBA reporting requirements keep evolving, the UK regulators are also constantly amending the existing reporting regime. For instance, the PRA is already planning to revise its PRA110 Pillar 2 liquidity reporting requirement which has just came into force. Proposed amendments to the reporting frequency of the reporting template are set out to increase the submission frequency for certain firms that face liquidity stress from monthly to daily. The proposed change would introduce a further threshold of total assets of £5 billion or above, calculated in accordance with Council Directive 86/635/EEC, requiring these firms to overhaul their liquidity data reporting systems and processes.

The constant evolution of the regulatory framework has created challenges for some firms requiring an overhaul of their reporting capabilities. The Basel Committee's principles for effective risk data aggregation and risk reporting ('BCBS 239') has also had profound effects on the legacy reporting processes, while compliance with the granularity and frequency of the EBA's mandatory XBRL reporting requirements have strained firms' reporting systems and resources.

While these complex and dynamic rules require firms to dedicate substantial financial and human capital resources, regulators have been on a similar journey. Addressing the sheer volume and scope of regulatory submissions has proved to be an overwhelming task. Last year the FCA sent a 'Dear CEO letter' to investment firms, expressing its expectation that the CEOs inspect the appropriateness of their firms’ FINREP and COREP practices. The regulator explicitly asked CEOs to review their firm’s regulatory reporting practices to ensure that they are fit for purpose, comply with the relevant reporting provisions and produce materially accurate data.

To help firms overcome regulatory challenges, the UK regulators are now looking at how the implementation of regulatory technology (‘RegTech’) could streamline regulatory reporting process for both firms and supervisors. One potential solution that is being explored is making guidelines machine readable and potentially machine executable through adopting Digital Regulatory Reporting (DRR) solutions. In the near future this technology may lead to an automated and machine readable regulatory reporting regime, transforming how firms interpret, process and report regulatory data, minimizing the need for human judgement and manual intervention. If successful, the system will be able to understand the regulations, map regulatory requirements directly to the data and report directly to the regulators, streamlining and expediting the regulatory reporting processes, which would also help with the accuracy of data sets, reduce cost of compliance and minimize regulatory sanctions and penalties. 

Replacing legacy manual processes and human judgement with automation technologies is likely to take many years to materialise. Its take-up will depend on numerous factors, such as which regulatory reporting requirements will be compatible with the DRR framework, how quickly regulators can draft machine executable guidelines and how quickly firms can adopt to this technology and overhaul their IT and data infrastructures. But, if successful, DRR will certainly result in a step-change in the regulatory reporting regime, rendering process less onerous for both regulated firms and the regulators, allowing more informed regulatory and strategic decision-making for the regulators and the industry.

Disclaimer: The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official views and opinions of PwC.