Preparing for enhanced regulatory reporting expectations:

New regulatory requirements for Canada

Demand for high-quality, timely data from investors and regulators has already led many Canadian financial institutions to enhance their reporting capabilities to ensure compliance. More recently, a new guideline issued by Office of the Superintendent of Financial Institutions (OSFI) signalled a clear call to action for more strategic improvements across the industry.

Relying on regulatory capital, leverage, and liquidity returns as measures of organizational soundness, OSFI’s guideline lays out enhanced assurance expectations for senior management, internal audit, and external audit. Let's explore some of the implications for each area.

Senior-management attestations

The requirements for senior-management attestations put further emphasis on the need to establish clear individual accountability and ownership at the senior-leadership level. Internal-review and senior-management attestation requirements will necessitate robust governance, controls, and monitoring of sub-certification processes. Attesting senior managers will need clear visibility into any identified deficiencies to ensure that remediation efforts are completed in a timely manner.

Internal audits

Internal auditors must evaluate and opine on the effectiveness of the processes and internal controls in place over the in-scope returns. As a best practice, the control framework, scope, and materiality of internal audits should be aligned to external audits to maximize scoping and testing efficiencies, as well as to allow enough time for any issues to be identified and remediated prior to external audits.

External audits

External-audit requirements put additional emphasis on the calculation of key regulatory reporting ratios. With the requirement to opine on numerators as well as denominators, ratio accuracy will now be more stringently assessed. The focus on these figures in external audits can provide additional incentive to senior management to ensure robust, documented, audit-ready processes and controls are in place.

Develop a future-focused regulatory strategy

Moving in the right direction

Navigating the ins and outs of regulatory reporting presents a combination of intersecting challenges. Finding the right path forward starts with defining and strengthening your strategy.

Our regulatory reporting framework is anchored on seven key pillars to support effective prioritization.Whether you’re looking for a complete transformation or some fine-tuning to your existing strategy, our approach can be tailored to your strategic priorities.

Our framework explores current-state gaps and complexities in reporting practices and addresses them through these pillars to help you develop a holistic strategy. Understanding the seven key pillars is the first step to elevating your strategy. The next? Acting on them.

Seven key pillars

1. Governance and accountability

An effective governance structure is required to enforce accountability, monitor quality, and mitigate reporting and operational risks. Your company's governance program should define key roles and responsibilities and identify processes, controls, and tools to manage end-to-end regulatory reporting.

Key considerations:

• How can your organization drive increased effectiveness and efficiency in its regulatory reporting program?
• What key processes require framework development, documentation, and socialization to help guide decision-making? Which stakeholders need to be engaged when developing the government structure? And which areas can be identified as opportunities to refine your current practices?

2. Data management

To thrive, Canadian financial institutions need a centralized program for data governance. Data-management standards should ideally be enforced through end-to-end data flow, from booking or originating systems through aggregation and reporting.

Key considerations:

• What is your organization's current data strategy? How can this be built upon and relevant objectives identified?
• How can leadership be best engaged across business lines and functions to help ensure strategy buy-ins and clearly understood accountabilities?
• What information on data quality is currently shared with report owners? Does this enable them to understand the quality of the data that is used for regulatory reporting?

3. Report-preparation controls and documentation

The regulatory report preparation process can be complex, involving data aggregation, manual adjustments, and multiple layers of review. Maintaining documentation of all flows and narratives can lead to greater transparency, reduced regulatory and operational risks, and better reporting quality.

Key considerations:

• Are consistent standards being applied to developing, implementing, documenting, and overseeing reporting controls?
• Are all controls documented, using detailed and up-to-date data to allow for effective testing and challenge?

4. Quality assurance (QA) and data integrity

Ensuring established processes work as intended is vital to a successful regulatory reporting strategy. Launching QA and data-integrity capabilities allows for independent and continuous monitoring throughout the reporting life cycle and feedback on any process roadblocks.

Key considerations:

• Does your organization have an existing function that is well-suited to providing independent challenge and oversight, or does such a function need to be built?
• What structure for this function is appropriate for the organization, and what level of skill or expertise would it require?
• Which key QA measures require defined standards and responsibilities?

5. Change management and training

As requirements continue to evolve and expand, teams should include regulatory reporting subject-matter experts with a thorough understanding of organizational products, accounting concepts, processes, and data management. Centralized training programs should be established to help monitor, manage, and adapt to these changes.

Key considerations:

• Which of your organization's existing functions could be centralized to allow for coordination across all internal programs that affect regulatory reporting?
• Where should this centralized function reside in your organization to help ensure firm-wide accountability?
• What training objectives and materials are needed for a broader strategy to acquire and retain a talent pool with solid regulatory reporting knowledge?

6. 3LOD roles and responsibilities

The three lines of defence (3LOD) play a critical role in managing risk and ensuring the effectiveness of internal controls. Clear segregation of duties and a robust communication model across the 3LODs can help reduce operational and regulatory risks.

Key considerations:

• What are the current responsibilities of each role in your organization's 3LOD structure? What current gaps or complexities need to be addressed?
• Which roles in your organization's 3LOD framework may require subject-matter expertise? Do opportunities for centralization/amalgamation exist?

7. Infrastructure and automation

Often underpinned by flexible automation tools, sustainable reporting strategies help shape and optimize the process. However, adopting a new reporting solution often requires significant time and investment. A holistic approach is imperative for reaching a viable end-to-end solution.

Key considerations:

• What standards for consistent and frequency-based enforcement of the authorized use of data-source systems should be implemented?
• Does your organization have a solid case to justify a long-term strategy for investment in infrastructure?

Regulatory reporting: Unlocked

Building a strong foundation for regulatory compliance begins with a well-defined strategy aimed at driving increased efficiency and effectiveness. From identifying threats to implementing innovative data infrastructure, there are many ways to strengthen your organizational approach. Act on the seven pillars to establish a robust regulatory reporting framework and kick-start your journey toward long term strategic success.

Key Contact

Karen Love
Partner, Risk Advisory
karelove@deloitte.ca
416-874-3642