APRA has made it no secret that their data strategy is one of more, better and faster. That is, more granular data, of higher quality, at an increased frequency and with faster implementation and reporting deadlines.
The recent increase in reporting requirements from the regulator to share data sets for loan deferrals, superannuation early withdrawals and residential mortgage lending, triggered by the COVID-19 pandemic, are early evidence that the Australian regulator is transitioning away from gathering information only at the aggregated level.
APRA's regulators and supervisors require dynamic insights into the finance industry. Gathering aggregated information from the industry in static returns simply no longer meets their needs. In order to truly understand the risk profile of the entities they supervise, APRA requires access to more detailed data sets. And this is common across all areas of the regulated industry; superannuation, insurance, banking and non-bank lending.
The transition from sharing data to sharing reports will pose some specific challenges in the short-term but, if done well, there are significant long-term benefits for both the regulator and the 2000+ reporting entities they supervise.
Opportunities for industry
In a future state where APRA has access to more granular data , the regulator will be much more self-serving.
Responding to new regulatory reporting requirements has always been a challenging process for regulatory reporting teams. However, COVID-19 has exacerbated the challenges significantly, with APRA releasing new regulatory reporting requirements in record pace, with short implementation timeframes and reporting windows. The nature of new collections has required organisations to bring together data sets from different systems and business units to create a common APRA's reporting templates. In a future state where APRA has access to more granular data , the regulator will be much more self-serving. Providing the data once, instead of supplying reports at different aggregation levels, should result in a significant reduction in regulatory reporting effort and will also reduce the need for constant change.
Moreover, entities currently spend a lot of effort in the process of preparing and reviewing reports, often in dedicated regulatory reporting teams. Once APRA collects the organisation's granular data sets, the reporting process will be simplified, leading to a significant reduction in duplicated effort across organisational silos.
Data shared with the regulator will need to be of high quality, subjected to controls throughout the data lifecycle, with clear ownership and accountability and full traceability and lineage from source capture through to disclosure. Only trusted data sets will be good enough. But building trusted data assets is not just a regulatory imperative. Enterprise data initiatives to drive better business outcomes, in sales, marketing or finance through better use of data often have the objective and use overlapping data sets. Organisations will find benefit in leveraging their rich and trusted data sets as an asset to deliver Enterprise Insights.
Where to start
Starting the journey and making incremental changes over time have proven to be much more efficient than "big bang" approaches.
Whilst the journey from form-based reporting to data-set-based reporting will undoubtedly take several years to materialise, industry should not wait for the regulator's finalised standards to be imposed. Entities know all too well that strategic data initiatives take time and effort. Regulatory reporting reform has a history of taking a long time for reporting standards to be finalised, but with a short-time to be implemented. Industry should not delay laying the foundations for their data management framework.
Starting the journey and making incremental changes over time have proven to be much more efficient than "big bang" approaches. We recommend entities establish a baseline data governance framework, focus on a defined set of data element ("critical data elements") and iteratively work through the data ownership (roles and responsibilities), controls, lineage, data quality monitoring and reporting. Building a resilient data risk management capability will require continuous improvement efforts and business engagement. Waiting until there is a regulatory deadline is not only going to make the journey more painful; it is wasting precious time; resources and money.