Attending a data management event last week in London, it suddenly dawned on me that banks are in real danger of missing regulatory deadlines for implementation of compliance initiatives to comply with FATCA, Dodd-Frank, EMIR and MiFID II. Not surprising given the convergence of implementation dates and deadlines that are taking place and the limited amount of time left to gain compliance.
In an attempt to make up time, banks are splitting their compliance teams into streams according to specific regulations, giving them separate budgets and remits to implement separate systems and procedures to comply with a specific regulatory focus.
Of course this makes perfect sense to compliance officers who are facing regulatory fallout in the event of non-compliance ahead of D-Day. However, the fundamental problem with this approach is its failure to allow financial institutions to identify key opportunities to share data, technologies, processes and procedures across these various regulations and reduce the overall cost of compliance in the process.
Let’s take FATCA and Dodd-Frank as an example - both US regulations but with distinctly different focuses. However, both of these regulations share so many commonalities in terms of the data, documentation and processes that they demand.
For example, for FATCA compliance, financial institutions will need to identify all persons or entities domiciled abroad with a US tax liability based on 12 pieces of US indicia, based on certain monetary thresholds, before classifying them according to the 21 classification types contained in the final regulations.
In the same way, institutions trying to gain compliance with Dodd-Frank must also conduct classification of counterparties and understand the role the legal entity is performing as part of the trade e.g. Swap Dealers, Swap Participant or Swap brokers; including the trading values being executed based on the rules.
As you can see here, while the data and the compliance focus changes, the underlying processes and procedures do not. For financial institutions to gain compliance with both of these regulations, they need to start in the same place – client and counterparty data.
In an effort to comply fully with - not only FATCA or Dodd-Frank, but with EMIR, MifID II, the 4th EU Money laundering directive but – pretty much every regulation, financial institutions need to have faith in the quality of data in their possession, right across the institution. It makes sense then to strive towards achieving a single, cleansed instance of customer data in an effort to be able to ascertain all the data currently stored on the client or counterparty and all the outstanding data and documentation that needs to be collected (bearing in mind that data and documentation collected can also be re-used for several regulatory compliance initiatives).
To achieve this single instance of customer data, the data doesn’t necessarily have to physically move. However, it does require identification of a select number of systems across the financial institution that contain key data that can be intelligently linked together to create a fuller, more accurate risk management profile of the client or counterparty. For this to happen, all identifiers need to be tracked and accurately matched. So you’d be looking to integrate data sources from systems spanning legal, compliance, credit risk, operations and onboarding teams. This more complete profile, along with the invoked retrospective look-back process and identification of additional data needs to fulfil compliance objectives for any of the regulations, will help financial institutions to accurately measure exposures to any legal entity or counterparty.
To implement this horizontal vision of compliance, where all regulations can be solved in one go, it does take careful planning and consideration but the payoff is significant once in place. But with so much pressure on financial institutions to meet looming deadlines, it’s quite likely that many will miss the initial implementation deadline dates. Furthermore, for those that do meet the deadlines, it may well be at the cost of adopting poor compliance standards in an effort to get it over the line, leaving them susceptible to the scrutiny of regulatory audits.
How will your institution fare?