controlling data across borders - workiva · 2 | controlling data across borders opyright nfopro...

Controlling Data Across BordersEffective globalized statutory reporting

Research partner

© Copyright Infopro Digital Services Limited 2019. All Rights Reserved2 | Controlling Data Across Borders

Chartis Research is the leading provider of research and analysis on the global market for risk technology. It is part of Infopro Digital, which owns market-leading brands such as Risk and WatersTechnology. Chartis’ goal is to support enterprises as they drive business performance through improved risk management, corporate governance and compliance, and to help clients make informed technology and business decisions by providing in-depth analysis and actionable advice on virtually all aspects of risk technology. Areas of expertise include:

• Credit risk.• Operational risk and governance, risk and

compliance (GRC).• Market risk.• Asset and liability management (ALM) and

liquidity risk.• Energy and commodity trading risk.• Financial crime including trader surveillance, anti-

fraud and anti-money laundering.• Cyber risk management.• Insurance risk.• Regulatory requirements including Basel 2 and

3, Dodd-Frank, MiFID II and Solvency II. Chartis is solely focused on risk and compliance technology, which gives it a significant advantage over generic market analysts.

The firm has brought together a leading team of analysts and advisors from the risk management and financial services industries. This team has hands-on experience of implementing and developing risk management systems and programs for Fortune 500 companies and leading consulting houses.

Visit www.chartis-research.com for more information.

Join our global online community at www.risktech-forum.com.

© Copyright Infopro Digital Services Limited 2019. All Rights Reserved.

No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of Infopro Digital Services Limited trading as Chartis Research (‘Chartis’).

The facts of this document are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions and recommendations that Chartis delivers will be based on information gathered in good faith, whose accuracy we cannot guarantee. Chartis accepts no liability whatever for actions taken based on any information that may subsequently prove to be incorrect or errors in our analysis. See ‘Terms and conditions’.

RiskTech100®, RiskTech Quadrant®, FinTech Quadrant™ and The Risk Enabled Enterprise® are Registered Trade Marks of Infopro Digital Services Limited.

Unauthorized use of Chartis’ name and trademarks is strictly prohibited and subject to legal penalties.

https://www.infopro-digital.com/terms-conditions/research-and-marketing-services/?lang=en


Workiva, a cloud provider of connected reporting and compliance solutions, is used by thousands of enterprises across 180 countries, including more than 75% of Fortune 500 companies, and by government agencies. Its customers have linked over five billion data elements to trust their data, reduce risk, and save time.

The Workiva connected reporting platform is changing the way reporting happens globally—from data preparation to final report. The company aims to modernize how users manage business data by bringing collaborators, documents and spreadsheets together in the same secure environment. The platform allows structured and unstructured data to be aggregated and connected across reporting and compliance outputs, including presentations, spreadsheets and reports.

Workiva enables users to collaborate with data in new ways, while supporting global data standards for more reliable reporting across industries, regions, and markets, including local GAAP, non-GAAP, IFRS and iXBRL standards.

For more information about Workiva, please visit workiva.com.

https://www.workiva.com/


Table of contents

1. Executive summary 6

2. Introduction 7

3. The emergence of globalized statutory reporting 8

4. Approach diversity with governance 9

5. Globalized statutory reporting – the data challenges 10

6. Approaching diversity with data integrity and control 11

7. Conclusion 13

8. How to use research and services from Chartis 14

9. Further reading 15


List of figures and tables

Figure 1. Governance is at the heart of statutory reporting 9

Figure 2. Multi-entity reporting example: reporting regimes in the US and Germany 10

Figure 3. How data lineage works 11


1. Executive summary

In this report we will explore the challenges of modern statutory reporting and the strategies that financial institutions (FIs) can employ to manage them. Specifically, we will focus on the challenges that emerge from multi-entity and multi-standard reporting, as well as the drivers behind the globalization of statutory reporting. In the context of globalized statutory reporting, significant challenges emerge from the diversity of reporting compliance requirements. Because the rules of statutory reporting and the data associated with it are disparate and detailed, data integrity and control is at the forefront of compliance management in conjunction with enterprise-wide governance.

A basic definition of statutory reporting is that it is the requirement for FIs to disclose financial and non-financial information under their relevant reporting regimes. Modern FIs are rarely limited to one territory and one reporting regime, however. Statutory reporting has always been a laborious process, and multi-entity reporting is aggravating the situation.

FIs now have to recruit multilingual professionals who are conversant in multiple reporting standards, while implementing technology to support various compliance data flows. Moreover, the reporting standards that comprise statutory reporting requirements are becoming more comprehensive and complex. Increasingly then, modern statutory reporting is characterized by the need to achieve compliance with a challenging and overlapping set of reporting regimes.

In the face of such challenges, we believe FIs should rely on two central pillars in develop an effective statutory reporting operation: 1) an enterprise-wide governance regime; and 2) robust data integrity and control technology. Statutory reporting is a data-intensive process, and in this report we will focus on the data synthesis stage, in which data is mapped into reporting templates. We will also look at how reporting data can be stored and tracked, and consider the importance of collaborative data processes in ensuring that data remains consistent as it used in multiple reports and across multiple legal entities/hierarchies. We conclude that the most robust reporting data technology solutions will be those that are comprised of data lineage functions, a centralized system, document templates and a cloud infrastructure.


2. Introduction

Statutory reporting is a composite landscape that covers FIs’ compliance with compulsory accounting reporting standards. Reporting regimes are continuously evolving to meet new market needs, and this process of evolution is informed by the changing financial and technology climate. Today’s reporting standards are being shaped largely by two factors: the ‘data revolution’ and the rise of risk-aware accounting.

The term ‘data revolution’ describes the explosive growth in data in recent years, which we can think of in three dimensions: volume, variety and velocity (often referred to as the ‘3 Vs’). The impact of this explosion of growth in the speed, quantity and variety of data has been felt far beyond the areas of business insight and efficiency. The data revolution is also being reflected in evolving statutory reporting requirements. Indeed, now more than ever, firms are having to synthesise and present data at an unprecedented level of granularity. And this level of detail is not just reserved for single reporting regimes – it is becoming the new standard for a multitude of simultaneous reporting regimes.

The development of risk-aware accounting – which is being furthered by the International Accounting Standards Board (IASB) through its development of International Financial Reporting Standards (IFRS) – is based on the concept of integrating risk into accounting figures, and it is gradually becoming the new model for reporting regimes. Its underlying logic is that by integrating current and forecast risk into the way value is reported, economic value can be more faithfully represented. A more realistic economic representation of value should help to ensure that firms’ portrayal of the cash flows in and out of the business are accurate.

But this is coming at a cost for FIs: additional operational and process complexity. More data is required to flow through additional business units before it reaches reporting documents. At the center of compliance with various demanding reporting standards is data integrity and control. FIs need the technical and professional expertise to handle reporting data and maintain its integrity as it flows through multiple compliance value chains. Moreover, FIs will have to adapt to a reporting process that draws data from non-traditional systems across the enterprise, and from outside. In this report we will highlight the importance of data lineage and aggregating

reporting data and documentation on a single platform. From a collaborative standpoint, we consider a unified, centralized platform as a key strategy in ensuring that multiple users can manage and access data in a controlled manner.


3. The emergence of globalized statutory reporting

The world according to GAAP – the convergence of GAAP and IFRS

Before understanding how to meet the challenges of globalized statutory reporting, it is important to understand the context that surrounds it. During the past 18 years, the IASB has been developing IFRS standards, with the aim of improving transparency, comparability and risk-aware accounting within financial services at an international level. As the IASB develops IFRS standards and sets implementation dates for them, national-level reporting regimes, or generally accepted accounting principles (GAAP) are progressively converging with IFRS. There are a number of reasons for this.

The financial services industry is becoming ever more globalized, and the idea of having reporting regimes at an international level appeals to regulators and investors. A system of national-level reporting regimes eases the comparability of cross-territory FIs’ business performance. Furthermore, statutory reporting should convey the accurate health of a business and provide a top-level view of its cash flows. International reporting standards maintain comparability between FIs and ensure that FIs’ reporting is of a similar quality. As the IASB rolls them out, both IFRS 171 and IFRS 9 provide recent examples of the new risk-aware accounting framework in action.

IFRS standards are not a blanket replacement for local GAAP, however, and some regions will continue to report under local reporting regimes, or observe a mixture of both. All firms listed in the EU have to present their consolidated financial statements in accordance with IFRS standards. Significantly, the US will continue to report under the Financial Accounting Standards Board (FASB) regime, while Japanese firms will observe that of the Accounting Standards Board of Japan (ASBJ).

Depending on an FI’s specific reporting context, some of the same data can be leveraged for different core reports using standard reporting packs. Where possible, FIs should take advantage of overlapping core data. In the context of modern statutory reporting, the devil is then in the detail. Although many reporting regimes are moving toward risk-aware accounting, many highly nuanced differences remain. The FASB, for instance, is working to amend US GAAP to make

1 For more on IFRS 17, see the Chartis reports ‘Achieving Effective IFRS 17 Reporting’, ‘IFRS 17: The next stage in risk-aware accounting’ and ‘IFRS 17 Technology Solutions, 2019: Market and Vendor Landscape’.

them more risk-aware in line with the IASB’s requirements. They will continue to diverge on many points, however, and any similarities will not create a significant logistical overlap. As a result, distinct and detailed reporting creates correspondingly granular data, which demands separate management. To compound the issue, having multiple strands of reporting compliance without adequate governance can lead to inefficient and even inaccurate compliance.


4. Approach diversity with governance

The end of ‘make do and mend’

The pace at which new statutory reporting requirements emerge can cause ‘compliance fatigue’ among FIs. To ensure they are not trapped in a mudslide of competing reporting requirements, FIs need to develop a coherent and cohesive firm-wide statutory reporting governance regime. Each reporting requirement should therefore be approached as a component of a singular process that results in reporting compliance, and as a medium for communicating with investors and creditors.

Every FI’s governance framework should be developed with that institution’s specific reporting context in mind. Unlike US GAAP, IFRS standards are principle-based rather than rule-based, which means compliance contains a level of flexibility and different interpretations. Governance frameworks should be informed by an FI’s specific accounting policy decisions. Figure 1 shows the link between the stages of statutory reporting and audit, and the central position of governance and accounting policy.

Tailored governance is even more crucial in the context of multi-entity reporting. Governance may be developed centrally by an institution and then filtered down to entities in different regions. In some cases those regions will be subject to different reporting regimes, and it is vital that governance is adequately tailored to support those demands. Moreover, whatever the reporting context, the standards of internal audit should be consistent throughout entities of the same business.

In technology terms, complying with simultaneous reporting regimes can be costly. FIs will have to evaluate the manual processes they have in place and the scope for automating them. Technology and governance are intuitively linked, and technological processes need to include human validation and input. The penalty for incorrect statutory reporting can be steep, in terms of fines and reputational damage, so the automation of technology should not remove functional touchpoints with specialized personnel.

Figure 1. Governance is at the heart of statutory reporting

Statutory reporting

governance and policy

Internal audit

Internal audit

External audit

External audit

Report

Disclose

Create unit of account

Measure cash flows

Report calculations

Source: Chartis Research

Developing a cohesive enterprise-wide reporting governance regime will ideally inform how FIs approach compliance technology, and in particular the way that reporting data is stored and controlled. Current manual, unchecked processes, which produce submissions for multi-standard and multi-entity reporting, can increase financial and reputational risk. Manual processes are also operationally expensive. Implemented correctly, technology can improve the oversight and control of multi-entity and multi-standard reporting demands. Traditional word-processing and office software is no longer sufficient for external regulatory filings, and FIs cannot sustain ad hoc enhancements to their technology stacks. If necessary, they must go back to the drawing board and implement technology according to their specific enterprise-wide requirements and policy. Central to that technology is data integrity and control, and critical features of data integrity and control technology include the ability to track and store data.


5. Globalized statutory reporting – the data challenges

The way that FIs approach enterprise data is a foundation of accurate and efficient reporting. Before implementing technology that works to preserve the integrity of data and control it, FIs need to understand what they are dealing with. While the data revolution has massively improved the accessibility of data for FIs, it has also raised expectations about data granularity and FIs’ access to data for compliance.

So for FIs the data revolution has been both a blessing and a curse, improving their insight, but also fueling more challenging compliance demands. Correspondingly, the variety of data available to FIs for the analytics associated with compliance is becoming ever more expansive and unstructured.

A real challenge for multi-entity reporting (see Figure 2) is the lack of overlap in the way that

data is transformed and managed. Different local GAAPs can present distinct sets of challenges. Accounting for the same asset under different regimes may entail different units of account, different calculations, and different collateral requirements. In the case of IFRS 17, IFRS 9 and Solvency II there is a degree of overlap, because they are entity-specific (IFRS 17 and Solvency II, for example, relate specifically to insurance services). Yet for some insurance products, IFRS 9 is used to value embedded assets in contracts. For the most part, however, for accurate compliance the best approach for FIs to take is to view different reporting regimes as having definitively different data flows. Ultimately this means variations of the same source data on a vast scale, a situation further complicated by the complexity of corporate hierarchies and the number of business units that data has to pass through.

Figure 2. Multi-entity reporting example: reporting regimes in the US and Germany

US GAAP IFRS

Multi-entity reportingGermanyUSA

German GAAP(Required) Public companies listed in

an EU member state(Optional) non-EU listed companies (Optional) Separate entity financial statements – only for presentation

Historical cost principle: nominal acquisition cost of asset and liability

(not updated).Revenue recognition: earned but not

when received.

Historical cost principle: nominal acquisition cost of asset and liability

(not updated). Exception: assets held for trading by

FIs measured at Fair Value.Revenue recognition: revenue

recognized if realized at balance sheet date.

Fair value: Market-based unbiased estimate of potential value

(revaluation permitted).Revenue recognition: (sale of goods, rendering of service etc). Recognition

of profit includes probability of economic benefit.

IFRS GAAP

(Required) non-EU listed companies(Required) companies not required to file consolidated financial statements(Optional) Public companies listed in

an EU member state

(Required) Public companies listed in the US

(Required) Companies that release financial statements to the public in

the US

US GAAP



6. Approaching diversity with data integrity and control

Contemporary statutory reporting demands mean that, now more than ever, data is passing through more users and systems across more business units. The flow of data through a business is no longer linear. Correspondingly, the process of data lineage, data linking and data tagging is vital, and becoming more complex. Data now flows through a multitude of points across an entity until it reaches disclosure. Being able to trace the journey of compliance data as it sprawls across the corporate hierarchy to meet various reporting demands is essential.

In recent years, data lineage tools have developed and become more popular. In essence, data lineage enables FIs to trace the movement of data through people and processes, and it is vital to internal audit as it enables users to determine the cause of errors. It can also display the journey that data has taken through the compliance chain. Ultimately, it is a tool that can help to enable trust and transparency in the compliance process.

Supporting data integrity with a centralized system

FIs will need to adopt a holistic approach to control, and preserve the integrity of data consistently across different reporting lines. This holistic approach can be enabled by an IT infrastructure that supports the storage, management and labeling of reporting data.

Despite each reporting regime creating its own distinct data flows, compliance can be streamlined by aggregating all the documentation and data lineage into a singular, centralized system. Employ-ing a centralized system has a variety of benefits:

• Dataset aggregation on a single platform.

• Control over the source and flow of data throughout the reporting process.

• Control over and tracking of users’ interaction with data.

• Enabling collaboration between different stakeholders.

• Preventing the corruption of data through iterative compliance processes.

How data lineage works

To create data lineage, a system needs to track where data was sent from, the process by which it was sent, and where it is going (see Figure 3). Metadata from those steps is retrieved and stored; the more steps the data goes through, the more complex its data lineage. Other variables can affect the way that data is processed, such as selection criteria, filters and conditional logic. In addition, the difficulty of data lineage is exacerbated by the complexity of corporate reporting structures, and the more reporting regimes an FI is subject to. These factors also boost demand for data lineage functionality.

Figure 3. How data lineage works

Target

Process

Source system

Source system: (Application, CSV, report, data warehouse)

Process: (Moved, mapped, transformed)

Target: (Application, CSV, report, data warehouse)


• Providing a top-level view of FIs’ statutory reporting status.

Aggregating reporting data on a single platform is especially useful in the context of data tagging for statutory reporting. Data must be linked and tagged so it can be formatted and presented in the relevant reporting language. Lastly, reporting templates should be flexible to account for variation across FIs.

Cloud platforms enable a singular, scalable and centralized system. Cloud-based services can provide a number of benefits in the context of enterprise statutory reporting, including the necessary flexibility, volume of storage and


collaborative user access. Cloud platforms are especially beneficial in internal and external audit management. In recent years, regulators have emphasized the importance of individual accountability. Data lineage stored in the cloud allows FIs to track individual users’ interactions with data, and enables them to establish controls over access to the data. External audit functions can have access to the same cloud platform, and in this way FIs can provide visibility into all audit trails, accurate numbers and narratives. Having global oversight on audit processes is highly valuable for FIs.


7. Conclusion

With the right tools and expertise, FIs can compete in an increasingly globalized market that is subject to progressively challenging reporting requirements.

Globalized statutory reporting has created the conditions for diverse and competing compliance requirements. As local GAAP and IFRS continue to converge and business expands across borders, FIs will need to adjust to the ‘new normal’. Underpinning that shift are two key pillars – an enterprise-wide governance regime and a robust data management technology solution. To cope with the challenges they will face, FIs need to take a holistic approach to compliance with a centralized, unified system that enables data lineage, data tracking and data tagging.

Beyond compliance, statutory reporting is a medium for communicating with investors and creditors. The demands of compliance on a business can be leveraged to inform an FI’s strategy outside compliance. Insights gleaned from data transformations for compliance, for example, can be used to power resource planning software across the business. To compete in the global market, compliance with statutory reporting will not be enough – FIs will have to move beyond compliance.


For risk technology buyers

If you are purchasing risk management software, Chartis’s vendor selection service is designed to help you find the most appropriate risk technology solution for your needs.

We monitor the market to identify the strengths and weaknesses of the different risk technology solutions, and track the post-sales performance of companies selling and implementing these systems. Our market intelligence includes key decision criteria such as TCO (total cost of ownership) comparisons and customer satisfaction ratings.

Our research and advisory services cover a range of risk and compliance management topics such as credit risk, market risk, operational risk, GRC, financial crime, liquidity risk, asset and liability management, collateral management, regulatory compliance, risk data aggregation, risk analytics and risk BI.

Our vendor selection services include:

• Buy vs. build decision support.

• Business and functional requirements gathering.

• Identification of suitable risk and compliance implementation partners.

• Review of vendor proposals.

• Assessment of vendor presentations and demonstrations.

• Definition and execution of Proof-of-Concept (PoC) projects.

• Due diligence activities.

For risk technology vendors

Strategy

Chartis can provide specific strategy advice for risk technology vendors and innovators, with a special focus on growth strategy, product direction, go-to-market plans, and more. Some of our specific offerings include:

• Market analysis, including market segmentation, market demands, buyer needs, and competitive forces.

• Strategy sessions focused on aligning product and company direction based upon analyst data, research, and market intelligence.

• Advice on go-to-market positioning, messaging, and lead generation.

• Advice on pricing strategy, alliance strategy, and licensing/pricing models.

Thought leadership

Risk technology vendors can also engage Chartis to provide thought leadership on industry trends in the form of in-person speeches and webinars, as well as custom research and thought-leadership reports. Target audiences and objectives range from internal teams to customer and user conferences. Some recent examples include:

• Participation on a ‘Panel of Experts’ at a global user conference for a leading Global ERM (Enterprise Risk Management) software vendor.

• Custom research and thought-leadership paper on Basel 3 and implications for risk technology.

• Webinar on Financial Crime Risk Management.

• Internal education of sales team on key regulatory and business trends and engaging C-level decision makers.

8. How to use research and services from Chartis

In addition to our flagship industry reports, Chartis offers customized information and consulting services. Our in-depth knowledge of the risk technology market and best practice allows us to provide high-quality and cost-effective advice to our clients. If you found this report informative and useful, you may be interested in the following services from Chartis.


Achieving Effective IFRS 17 Reporting: Enabling the right accounting policy through technology

IFRS 17: The next stage in risk-aware accounting

IFRS 17 Technology Solutions, 2019: Market and Vendor Landscape

IFRS 9 Technology Solutions: Market Update 2017

CECL Technology Solutions, 2018

Data Integrity and Control in Financial Services: Market Update 2018

For all these reports, see www.chartis-research.com

9. Further reading

http://www.chartis-research.com

controlling data across borders - workiva · 2 | controlling data across borders opyright nfopro...

Documents