Regulatory Reporting Gets Easier with Information Governance

complying with regulatory reporting requirements

In the complex world of financial regulations, the requirements of regulatory reporting loom large for the banking and securities industries. These organizations not only have to answer to a wide range of regulatory bodies across the various markets where they do business — they must now provide more information, and more different TYPES of information, than ever before.

Why has financial regulatory reporting gotten so challenging, and how does information governance (IG) make it easier to comply with reporting requirements?

The push for more accountability in regulatory reporting

Regulatory reporting is not new to financial services organizations, investment banks, broker-dealers, and other firms that engage in the trading of stocks, equities, and securities. Financial regulators and the markets have a history of requiring banks and other firms to account for their activities.

In the United States, for example, the self-regulatory organization for the securities markets, the Financial Industry Regulatory Authority (FINRA), requires broker-dealers to report on all trades. In recent years, FINRA has pushed the industry to do more, and better, recordkeeping.

And in the twenty-first century, the 2008-2009 financial crisis and a growing emphasis on consumer protection have led to an expansion of regulatory reporting:

  • Since its introduction in 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act has continued to increase reporting and regulatory compliance requirements for security-based swap dealers (SBSDs) — firms that participate in the swaps business, which was seen as contributing to the systemic financial instability of 2008-2009.
  • In 2013, as part of its Customer Protection Rule Initiative, the Security and Exchange Commission (SEC) implemented Rule 17a-5. It requires broker-dealers to file monthly and annual compliance reports, plus self-report “certain failures or material weaknesses” that might impact financial regulatory compliance.

These and similar requirements are on top of the basic reporting that banks and other financial firms must routinely file with countless U.S. regulators, including the Federal Reserve, Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), and state and local entities.

And then there are requirements in the other parts of the world where financial firms may do business, which further complicate reporting and regulatory compliance.

More information, more sources — and more challenges

In the past, regulatory reporting was very much about specific streams of information, such as daily capital reporting to FINRA or quarterly balance sheet and income statement (Y-9) reporting to the Federal Reserve. This reporting was prescriptive and highly structured, often using forms.

But as regulatory reporting has broadened and deepened — particularly coming out of the 2008-2009 financial crisis — regulators are asking for more information of different types and from disparate sources. And accommodating these new reporting requirements is posing new challenges to the current operating models in financial organizations.

Let’s look at two examples.

1. MiFID II: Upping the fiduciary responsibilities

In 2018 the European Commission rolled out an amendment to the 2007 Markets in Financial Instruments Directive (MiFID). This new regulation, MiFID II, expanded the types of entities that are subject to regulatory reporting.

The result is that reporting requirements now apply to small retail businesses — such as those that provide advice to small investors — in addition to larger institutional businesses operating in Europe. In addition, MiFID II raised the fiduciary responsibilities so that broker-dealers and other financial organizations must now document that they are acting in the best interests of their clients. Specifically:

  • Financial firms must provide more information about their interactions with clients.
  • Firms must now record telephone calls and capture electronic communications for purposes of regulatory reporting.
  • Communications recordkeeping requirements apply to a broader audience — including entities that previously did not have such requirements.

MiFID II still includes rules for classic regulatory reporting requirements, such as how to report transactions and when, time-stamping of trades, and so on. But the new requirements go beyond regulatory reporting in the traditional sense, creating new needs such as retention and management of electronic communications.

These are needs that the traditional operating model for regulatory reporting simply does not meet — but they do have a solution in the information governance (IG) space.

2. Dodd-Frank Title VII: Pulling in records from multiple sources

In the U.S. in 2019, the SEC adopted some new rules under Title VII of the Dodd-Frank regulation, increasing the requirements for dealers to report security-based swap activities to their regulator, the Commodity Futures Trading Commission (CFTC), within a specified timeframe. 

The difficulty with documenting swap activities is there is no one thing that makes up a swap transaction record. Instead it is a set of information that does not come from just one system.

For example, a swap record could include:

  • A phone call between a salesperson and a client or other parties
  • Emails discussing the swap
  • Internal trading system records of the swap components
  • A long-form confirmation between two parties that governs the relationship for the swap
  • A short-form confirmation that documents the current swap and amendments

Complicating matters, there is no unique identifier that tracks through all systems and allows the information to be searchable.

With information that is varied and spread across disparate systems, as in swap transactions and many other types of financial records, here again regulatory reporting calls for an IG approach.

An IG approach to regulatory reporting

The increased breadth and depth of today’s regulatory reporting, and the amount of information regulators want to see, requires a heightened level of attention to vital aspects of information governance — including recordkeeping, information management, and regulatory compliance.

An IG program provides an operating model that puts the right people, process, technology, and governance in place to meet reporting and regulatory compliance requirements. It creates an organized, consistent, repeatable, and documented method for always knowing:

  • What information you have
  • Where to find it
  • Who has access to the information
  • What information to keep, and what needs to be disposed of
  • How long to keep information
  • How to retrieve it
  • Who responds, and how, to requests from regulators

To learn more about how information governance (IG) can make reporting easier, and help you achieve and maintain regulatory compliance, please contact

Listen to Podcast: UK Regulator's Order to Experian for Misuse of Personal Data

About the Author

Matthew Bernstein

Matthew Bernstein

Matthew Bernstein has worked at the intersection of business and technology for more than twenty years, to transform organizations and to define, develop, and operationalize information management standards and solutions.

About MCBD

MC Bernstein Data helps companies achieve their objectives related to Information Governance, including data privacy and protection; regulatory, litigation, and consumer responsiveness; information security; acquisitions and divestitures compliance; records management; data licensing management; and operational efficiency.

Learn More