Five Questions on Regulatory Reporting and Data Protection

Claire Savage, Chief Operating Officer of AQMetrics, highlights what you need to know about regulatory reporting and the importance of protecting data.

  1. Has the level of regulatory reporting reached its peak or is there more to come?

There is more regulatory reporting to come. Across the financial services industry, we are beginning to see some consolidation around reporting data requirements for emerging regulations. The reporting process is improving with the widespread adoption of XML and machine-to-machine submissions to the regulators. Reporting operations are becoming more streamlined through the use of automated reporting services. As the data requirements converge, it allows firms to think more strategically about building a golden source of data for regulatory reporting and risk monitoring.

  1. Which regulatory reporting requirements are clients currently most focused on?

Our clients are most focused on compliance, data management, and consolidation. When it comes to complying with upcoming regulations, like the Markets in Financial Instruments Directive (MiFID 2) or Securities Exchange Commission (SEC) Reporting Modernization, they are gearing up for implementation. Improving data management and operations for existing reporting requirements is also a focus, such as Alternative Investment Fund Management Directive (AIFMD), SEC Form PF, and Commodity Pool Operator Pool Quarterly Reporting (CPO PQR). Many asset managers are looking to consolidate risk and regulatory reporting into a single source, to ultimately receive more insights from their data and report more efficiently to investors, regulators, and board of directors.

  1. MiFID 2 is one of the biggest data gathering and reporting exercises ever conducted within asset management. Is the market ready for this behemoth regulation?

As the 1 January deadline looms, preparing for MiFID 2 has become a fourth quarter priority.  Our firm provides MiFID 2 Approved Reporting Mechanism (ARM) services, and we are struck by the fact that some firms are only starting to focus on the data implementation requirements for the significant reporting ahead. For larger asset management firms and investment banks, there is widespread concern that the volume of late stage implementations is placing systemic risk on some of the available ARM services, particularly within the UK. One emerging change I have observed recently is that clients are engaging with a secondary ARM service to provide business resilience in their transaction reporting. Regulatory reporting is not something that can be taken lightly and the consequences of inaccurate or failure to report is significant.

  1. How does cyber security and data protection play a critical role in all of this?

With General Data Protection Regulation (GDPR) looming ahead, asset managers are becoming increasingly focused on information security due diligence.  Third-party risk assessments are becoming a higher area of scrutiny as data is now seen as an asset and a liability. As asset managers outsource more core processing functions and implement cloud-first policies, the need to understand how their data is protected in transit and at rest has become a board-level priority.

In addition to GDPR, we are helping clients plan for EU’s National Information Security Directive and SWIFT’s planned Customer Security Program. It requires a strategic approach to the storage and dissemination of data. From an operational risk assessment perspective, asset managers need to have a better understanding of how information security risks are peaking and pooling in their firms. All data from the fund administrator to social media accounts and third-parties with access to their information, should be registered and individually risk assessed.

Being institutionally paranoid about information security and protection of your client’s information is important and can prove to be a competitive advantage for firms. We’re living in a world that is focused on confidentiality and acutely aware of the cyber security threats the media covers on an almost daily basis. This applies to asset management as much as any other industry. Assume you are a target and act accordingly.

  1. What book have you read most recently?

I’m currently reading a book called Neurotribes by Steve Silberman.

It’s a fascinating insight into neuro-diversity and how our understanding of autism has evolved. It explores societal preoccupation with finding a cure and a cause. It brilliantly illustrates how far humans still have to go in understanding and adapting for a neurologically diverse population.

About Claire Savage

Claire Savage is Chief Operating Officer with AQMetrics, a RegTech firm providing simple, reliable, and cost-effective risk management and regulatory compliance through the use of technology. At AQMetrics, Claire oversees customer operations for global clients, spanning investment management, fund administration, and capital markets banking. She has a stellar background in defense, risk and regulation.

Prior to AQMetrics, Claire’s experience included Country Manager for software solution delivery with BAE Systems, the defense and security giant. Claire holds a BE in Mechanical Engineering from University College Dublin and an MSc in Management Science from the UCD Smurfit Graduate Business School.

Her other passion is CoderDojo, where she runs a volunteer-led club, where software engineers mentor a group of 50 enthusiastic kids in creative coding.

The views expressed in this material are those of the author as of 9/8/17 and may or may not be consistent with the views of Brown Brothers Harriman & Co. and its subsidiaries and affiliates (“BBH”), and are intended for informational purposes only. Neither Brown Brothers Harriman nor its affiliates or its financial professionals render tax or legal advice. Please consult with attorney, accountant, and/or tax advisor for advice concerning your particular circumstances. BBH is not affiliated with Claire Savage or AQMetrics.