APRA has introduced a wide range of new reporting requirements for ADI’s and RFC’s over the past 12 months. Most notably, APRA, the RBA and ABS issued the Economic and Financial Statistics (EFS) overhaul which introduces new reporting requirements and revisions to a wide range of existing reports (you can read more about EFS in our previous posts). In addition, APRA has introduced various changes to other reporting standards such as residential mortgage lending (ARF 223), large exposures (ARF 221) and financial claims scheme (ARF910).
The volume of the reporting changes, in combination with heightened data quality expectations have triggered many institutions to rethink their regulatory reporting architecture. Many ADI’s have established dedicated projects to address the regulatory reporting changes and many have already gone through the gap analysis and vendor assessment process and have started the implementation of vendor solutions.
In this blog we will explore some of the key considerations ADI’s and RFC’s will need to address when assessing their future state architecture for APRA reporting.
Manual or Automated
At most institutions, regulatory reports have traditionally been prepared manually or “semi-automated” by using spreadsheets. This approach often developed organically over many years: initially introduced when operations were small(er) and the regulatory burden relatively low; spreadsheets were a very cost-effective and flexible approach to internal and external reporting. Over time however, several drawbacks of the spreadsheet approach would have surfaced:
The complexity of processing late GL adjustments
Keeping track of changes to reporting logic over time
Understanding mapping logic which was built by someone else
The lack of documentation when key staff retire from the organisation
One of the first considerations for each organisation will be to determine whether the benefits of manual processes outweigh their inherent operational risks.
Automation of regulatory reporting can take many shapes – from building automated spreadsheets (VBA, anyone?) over internal databases through to specialist vendor solutions. Regardless of the solution, automation typically involves the following steps:
Interfacing the data from the various source systems into a single data repository
Validation and reconciliation of the various sources of data (e.g. GL vs transaction level data)
Data mappings, enrichments and calculations for regulatory specific purposes
Producing the Returns: mapping the enriched dataset into the regulatory reports
After analysis and review; the data can be exported in a format that can be loaded to APRA’s D2A platform (that is, until D2A is replaced)
Automation of regulatory report production at the very least ensures consistency, efficiency and timeliness. When done well it also ensures accuracy, auditability and full data lineage from source to report and back.
Tactical or strategic
Should the institution invest in a strategic reporting solution; which supports APRA reporting and that can (potentially) address various other internal or external reporting requirements; or will the institution apply a “stop-gap” approach to address a particular regulatory requirement such as EFS? The answer is not necessarily straight-forward and many variables will influence the decision:
Overall IT architecture – is the organisation planning a dramatic overhaul in the near future (e.g. Core Banking Upgrade)
Budget for IT expenditure
Head count in Finance and external reporting functions
Data Architecture – does the bank have a “Single Source” or “Golden Copy” of the data?
RegCentric encourages institutions to leverage regulatory catalysts such as EFS to drive strategic transformation and to align the implementation of the regulatory imperative with the long term future state architecture.
RegCentric recently published a whitepaper titled “Seizing the opportunity. Turning regulatory regulatory burden into opportunity” which you can download here.
Buy or build
Institutions have the traditional “buy” vs “build” question to answer. Building the process to generate regulatory submissions internally does have advantages such as tailoring the solution to institution specific requirements, but they are unlikely to outweigh the benefits that come from an out-of-the-box vendor solution once you consider items such as:
Regulatory change management: most vendors will offer maintaining the solution in line with regulatory changes as part of the software maintenance and support
Common functionality such as variance analysis, drill-down, business rules will be complex and time-consuming to build
Data Management: adjustments, 4-eyes check, data lineage will be out-of-the-box from most vendor solutions
As vendors benefit from economies of scale, an extensive user base and a significant amount of experience in building out new regulatory requirements; the vast majority of organisations will find better value in vendor solutions over internally built solutions.
Several technology vendors offer automated APRA reporting solutions. EFS has been a trigger for both domestic and international vendors to enter the APRA reporting space. The international vendors have the benefit of having experience automating regulatory reporting across multiple regulators and geographies. The local vendors have limited exposure overseas, but have the benefit of having local development and implementation teams.
Cloud or on-premise
The trend of offering software as a service (SAAS) has also entered the regulatory reporting space, with several vendors now offering their solution under a hosted subscription model.
As with any cloud decision for regulated entities, particular consideration should be given to CPS-231, CPG-234 and the newly introduced CPS-234 (currently under consultation here). The institution should ensure the vendor offering complies with all aspects of these standards and guidelines. Amazon (AWS) and Microsoft (Azure) each provided a detailed description of how their offerings address these APRA standards and guidelines and are a great starting point for any institution (or vendor) who considers using a cloud based solution.
Regulatory changes require institutions to make thoughtful consideration of the possible implementation options. We strongly encourage entities to take a holistic and strategic approach to APRA reporting, and to leverage the recent regulatory change events to drive significant transformation in their finance function, which brings the institutions one step closer to its future state target architecture.
Our team consists of highly experienced business and technology consultants who are passionate about assisting Australian financial services companies leverage technology to drive efficiencies, deliver insight and ensure regulatory compliance.