This week the FCA, the UK’s financial market regulator, published (click here) their regular Market Watch newsletter examining recent observations from their supervision of the UK MiFID transaction reporting regime including an assessment of their findings from various Section 166 reviews examining transaction reporting failings. This newsletter would be of potential interest to energy and commodity firms with UK MiFID-regulated entities as well firms with UK EMIR transaction reporting responsibilities.
The FCA noted improvements in the overall quality of reporting in their July 2023 Market Watch publication (click here) but continue to identify incomplete and inaccurate transaction reports. They note that several data quality issues continue, and have reoccurred even after the issue had been identified and supposedly remediated by a firm. In examining the underlying root causes, they identified weaknesses under five key headings as summarised below:
1] Change management:
Change within organisations can affect systems and processes for transaction reporting. The FCA’s observations include:
- Poor change management undermines the delivery of change in firms. Some firms that did not use business analysis to map out business requirements before MiFID 2 were left with significant reporting gaps;
- Insufficient change-related documentation (including records of key decisions) can create knowledge gaps resulting in complexity for firms when they later need to remediate data quality issues;
- Data quality issues emerge where change processes are outsourced to third parties, and there is inadequate oversight over the scope of deliverables, often worsened by the lack of transaction reporting subject matter expertise (SMEs) within the firm;
- Inadequate management information (MI) reduces a firm’s ability to monitor progress while managing regulatory change risk;
- Staff turnover and absences affect data quality, and failures to report transactions exist where key staff dependencies exist along with the lack of clear policies and procedures to manage reporting in their absence.
2] Reporting process and logic design:
Effective transaction reporting systems and controls should be supported by clear reporting processes and logic design documents. The FCA’s observations include:
- Firms interpret regulatory requirements and develop reporting logic independently from the firm's business context resulting in misreporting - as an example they quote firms populating RTS 22 field 36 (Venue) with a trading venue market identifier code when reporting as a direct electronic access (DEA) user;
- The likelihood of errors arising and going undetected increase where input from the first and second lines of defence are limited in the design process;
- The lack of clarity in implementing a transaction reporting process results in ad-hoc resource assignment and unclear deliverables;
- This results in manual processes that lead to late reporting, backlogs in exception management and problems when transaction reports need to be cancelled and amended.
3] Data governance:
Transaction reporting processes often rely on multiple internal data sources and external feeds. The FCA’s observations include:
- Firms gather data for their transaction reporting process from various sources which can result in fragmented data owners, access, maintenance and storage thereby increasing the chance of errors, specifically:
- Encrypted data flowing into transaction reports from systems that hold personal information causing pseudonymised national identifiers being misused in fields that require natural persons to be identified;
- Incorrect data elements being sourced due to inaccurate mapping or outdated data tables;
- Trading venue transaction identification codes being overridden in RTS 22 field 3 by internal execution identifiers;
- Inaccurate or invalid legal entity identifiers (LEIs) being sourced from static data tables that do not reconcile with booking confirmations.
- Inadequate data lineage documentation undermining the integrity of data used in transaction reports resulting in ineffective data management and data flow breaks;
- Failure to identify source data accurately adversely affects the effectiveness of reconciliations conducted e.g. supressing the detection of reporting breaks;
- Poor record keeping can undermine a firm’s ability to audit its records and correct historic transactions where errors are identified;
- Article 25(1) of UK MiFIR (click here) requires MiFID entities to keep data relating to all orders and transactions in financial instruments they have carried out for five years;
- Inadequate security or change management for personal data can result in unauthorised or untracked data modifications, introducing inaccuracies in transaction reports.
4] Control framework:
Firms must have arrangements to make sure their transaction reports are complete and accurate. The FCA’s observations include:
- Poorly designed reconciliation processes hinder firms from identifying data quality issues which may exclude source data or specific data flows;
- Article 15(3) of RTS 22 (click here) requires that reconciliations include front-office records;
- Some firms conduct reconciliations on specific fields only, or on an irregular basis which may not be adequate to identify all errors and omissions or meet the requirements of RTS 22;
- They noted cases where controls had not been reviewed or updated when reporting processes evolve which does not align with Article 21(5) of UK MiFID;
- They identified firms that excluded services and data provided by third parties from their control and reconciliation frameworks, creating gaps in monitoring, preventing firms from identifying issues originating outside the firm.
5] Governance, oversight and resourcing:
Effective governance plays a key role in upholding operational integrity of the transaction reporting process, managing risks, and maintaining trust through accountability. The FCA’s observations include:
- Excluding transaction reporting from a firm’s wider risk management framework can result in limited consideration of transaction reporting as an operational, compliance and reputational risk;
- Prioritising financial risk management at the expense of non-financial risk can lead to significant weaknesses in the measurement and management of transaction reporting risk which doesn’t align with Article 23 of UK MiFID (click here);
- Lack of relevant MI creates a monitoring gap for senior management in which transaction reporting risks may crystallise;
- Insufficient or inconsistent MI may prevent the board of a firm and other governance bodies from understanding the regulatory and operational risks arising from transaction reporting issues;
- Firms should be aware of the requirements in Article 21(1) (click here) of UK MiFID with respect to the above two bullets;
- Deficient organisational structures result in ineffective oversight of transaction reporting risks and reporting issues which may conflict with Article 21(1)(a) (click here) of UK MiFID;
- Unclear terms of reference across governance bodies often mean relevant persons are unaware of the procedures that apply to the proper discharge of their responsibilities potentially in conflict with Article 21(1)(b) (click here) of UK MiFID;
- Limited compliance oversight over transaction reporting can prevent firms from improving their reporting processes through independent advice and challenge;
- The FCA observed that firms do not have a formal Compliance Risk Assessment (CRA) process and lacked SMEs to provide guidance on transaction reporting issues which might conflict with Article 22(2) (click here) of UK MiFID;
- A lack of accountability over the transaction reporting process can result in ineffective process assessment, policies and procedures which disincentivises firms from addressing emerging deficiencies which may conflict with Article 25(1) of UK MiFID (click here);
- Insufficiently resourced transaction reporting functions result in operational issues such as not managing exceptions on time;
- The FCA also identified other resourcing challenges such as long delays to the delivery of remedial work and back reporting.
The FCA notes that there is a connection between the above areas where weaknesses in one area can spread to other areas. The FCA’s newsletter is characteristically succinct, and the practical points raised provide tangible and specific areas which firms subject to both MiFID 2 and EMIR reporting may wish to benchmark themselves against.