Reporting under Basel III: avoiding past mistakes

Selwyn Blair-Ford, Wolters Kluwer: The internal reporting to decision-makers should be considered above everything else.

In a world where prudential regulatory rules are interlinked the old temptation to explore one regulatory development at a time is damaging. Regulatory reporting, and the technological systems behind it, need to adapt if we are to avoid past mistakes, writes Selwyn Blair-Ford, head of global regulatory policy at Wolters Kluwer.

Here’s a scenario that most in people involved in the running of a financial institution will be more than familiar with. A business or economic crisis occurs followed, eventually, by one or more new pieces of regulation. And then it’s all about implementing lessons drawn from the experience.

An individual financial firm will then typically elect one or more trusted individuals to analyse the contents of the new regulation. The chief requirement from this piece of work is often quite simply: “What do we have to do to be compliant with this new regulation?” The answer to this question determines what firm will actually build.

Once this is understood and explained, the institution will form project plans, gather and allocate resources. This is followed by an intense period of effort and work where the solution is constructed from a combination of internally built and externally sourced technology systems.

Alongside this effort and after, the solution is tested and adjusted until finally accepted into business as usual. It is often around this point those working on the project will explain in depth to those most impacted the changes and what the new regulatory compliant world will look like.

I believe as effective as this model has been (when it was the case that regulatory monitoring could be considered to be an extension of balance sheet monitoring) in today’s environment this approach is somewhat dated. The whole approach encourages firm to consider only one regulatory development at a time. And given prudential regulatory rules are increasingly interlinked this may create new silos.

Consideration about what will need to be reported starts with the information needed to be given to the regulator to satisfy the prime objective to demonstrate compliance. The next reporting requirement would relate to what is needed to prove that the reporting produced is true and accurate. Finally the process is concerned with what information it can give to those managing the related activities to ensure that the monitoring requirements are fulfilled.

But the prime objective of any regulatory rule change is never merely the measurement of a new or different metric. The objective is always to instigate a change in the financial institutions actions and the workings of the market. Looked at it from this perspective the considerations above are, in reality, completely the wrong way round.

The internal reporting to those making decisions within the firm is the most important and should be considered above other considerations. The reporting needed to elicit user acceptance, or to prove truth and accuracy is useful. But it is not necessarily the same that is required by the internal decision makers. (Internal decision makers are all those people who can make decisions that will impact on the firm’s compliance to the regulatory rules under consideration. This will be more than just the management or policy making team.)

The reporting to the regulator should be a by-product of a good strong internal management reporting system. This way round the focus can be seen to be to driving compliant behaviour rather than reporting.

Let us consider some of the prudential regulatory developments that are currently of concern in the financial sector. These include BCBS 239 Principles for effective risk data aggregation and risk reporting, which require firms to have a unified risk and reporting management framework for a wide number of risk classes.

We also have BCBS D352 minimum capital requirements for market risk, where the role of netting, hedging and diversification play a much bigger part. One of the effects of this will be that the results will be a lot less intuitive, and the impact of specific positions more difficult to identify. This will mean the quality and depth of information to management will need to adapted accordingly.

Similarly we have the BCBS 279 standardised approach for measuring counterparty credit risk exposures, which will present similar reporting challenges. We should also mention BCBS 319 Interest rate in the banking book and BCBS 347 standardised approach for credit risk.

These changes will mean that internal decision makers will lose much of the feel for the numbers they currently have, and so will need to be given new reports that they find meaningful. Reporters will face a tsunami of requests for explanations once the new regulations start to come into force. Much of the current thinking around these regulatory initiatives does not properly consider the potential internal reporting requirements.

In order to deliver what is needed firms will need to consider the role and purpose of the management reporting process and infrastructure which can be summarised as:

• providing the correct information
• to the correct person
• at the correct time
• and when the information is received it is well understood.

The proof that the management reporting process is working will be that the recipient acts on the information received.

To achieve such a system we need to complete the following steps:

• Identify those who need to be informed.
• Identify the minimum information each recipient will need to fulfil their role.
• Decide on the most effective method of presenting the information to the recipient.
• Identify the best timing and frequency for the delivery of reporting.
• Be clear on what the minimum data quality requirements for each report.

Each of these points need to be considered as fully as possible. Who needs to be informed is a function of the active role played by that person, not seniority of position. Firms may wish to break roles down to idealised persona, e.g. board members, senior management, line managers, control functions etc. and then define information requirements for each. The most effective method of delivery may include not only paper reports or spreadsheets, it can also include SMS texts, key figures on cards to fit into a wallet, town hall type presentations, video messages etc.

It is only after fully considering and having answers to these points can a firm properly consider what process and therefore which technology systems it wishes to implement.

The result will be a process that puts informing the decision makers, and hence control, at the heart of the process. It is this context that a “single version of the truth” makes sense, as the information is tailored to fit the requirements of those that need most to use it.

Without such analysis as part of the regulatory change programme, firms will continue to have cases where it is difficult to see the woods for the trees. Let’s not miss a golden opportunity to deliver better.