The Significance of Implementing Regulatory Controls and Ensuring Data Accuracy

When the Office of the Comptroller of the Currency (OCC) assessed a $400 million civil money penalty against Citibank in 2020, it faulted its old, defective software. Just two months earlier in August 2020, Citi’s $900 million wire transfer mistake was blamed on a fat-finger human error. Citigroup assured regulators it would improve risk management, data governance, and internal controls. Four years later, the Federal Reserve Board and the OCC offered a $135 million dollar scolding for Citi’s inadequate remediation efforts in shoring up data quality management.

This is a common digital transformation story in which the institution is either dragging its feet in modernizing infrastructure, is sinking resources into a technological money pit, or conducting faulty change management. In the same manner that institutions are racing to keep pace with the digitalization of the financial system, the SEC, FINRA and other regulatory authorities are racing to keep their rulemaking relevant to today’s rapidly evolving market risks.

As we do business in an era of unrelenting technological innovation, regulators are intent on protecting investors and the economy from systemic risk. Prioritizing airtight financial compliance has never been more important. Here’s why the ramifications of inadequate investment data management, inefficient compliance disclosures and reporting, and porous risk management make implementing regulatory controls and data management a necessity.

Era of data determinism

You've probably heard the expression "data is the new oil." When referring to investment lifecycle data, one could amend that to "data is the oil, the engine, and the highways." Data quality, data governance, and simply trusting in the accuracy of a firm's data to make decisions is an imposing problem. Many firms' legacy data management platforms and traditional manual spreadsheet processes are unable to properly integrate and harmonize data from market data vendors, service providers, third-party applications, cloud marketplaces, and internal applications such as accounting, CRM, and risk tools. Because of this fragmentation, middle- and back-office operational problems are not only preventing the success of front office aspirations, but are also leaving compliance departments' reporting and disclosure practices hung out to dry.

Citi's CEO commented on the $135M enforcement: "Our transformation is addressing decades of underinvestment in large parts of Citi's infrastructure and in our risk and control environment," The Citi case demonstrates the "deep connections between the tech stack, data estates and compliance management in modern banking."¹

2025 regulatory priority: data governance

In August, the SEC finalized amendments to its new rule on reporting and guidance on open-end fund liquidity risk management programs, requiring more frequent reporting of monthly portfolio holdings, amending certain reporting requirements relating to entity identifiers, and requiring open-end funds to report information about service providers. Further, the SEC has set its sights on registered private funds with their Form PF data reporting requirements. A federal appeals court handed the SEC a setback on this effort, but the future could very well see such rules implemented.

Regulatory agencies are explicitly calling for firms to modernize their disclosure models and data governance. In 2025, regulators will request larger and more granular datasets and complex reporting to better understand the extent of risks taken by financial institutions. According to an EY data governance report, one large European regulator has gone from requesting monthly submissions of hundreds of items of data to now receiving over 50 million daily submissions². This is a clear call-to-action for asset managers, hedge funds, and investment firms to get their data houses in order. But it's also an opportunity.

A single golden thread of investment lifecycle data — clean, validated, organized — pulled from disparate datasets enables the aggregation of holdings, performance, cash flows, risk analytics, and reporting. This operational alpha produces efficiencies, including compliance reporting and disclosures, which can only be fully tapped if all data is harmonized and accessible as a single source of truth.

Centralized management of financial data

Regardless of the moving regulatory targets, buy-siders and sell-siders should pursue rigorous data governance and risk management control standards to keep up with evolving rule changes, and be audit-ready. They must reduce the risk of compliance errors that lead to expensive monetary enforcement actions and brand names prominently in negative headlines. The $135 million dollar bolt-on penalty for Citi's four-year-long effort in remediating data quality management was a result of poor data governance. Institutions that seize control of their datasets will be infinitely more agile in correcting mistakes — and be nimble in adapting to changing rules in the future.

Data accuracy, completeness, relevance are prerequisites to timely, precise regulatory reports, such as:

• Capital and liquidity reporting
• Transaction reporting
• Regulatory returns
• Client stock and asset records
• Customer fees and charges
• Stock exchange
• Clearing house reconciliations

Data quality management for financial institutions

Why are regulatory bodies turning their attention so keenly to data governance? It is not hyperbole to say that investment data touches every function at investment firms, which engage in mastering, storing, and distributing reference and transactional data. Moreover, today's markets demand a big leap in record-keeping complexity as fund managers have gravitated to sophisticated multi-asset strategies with fragmented, hard-to-manage data that comes in different forms depending on the instrument in question. This essentially demands that infrastructure is capable of data literacy in different asset-class languages.

New rules for Form N-PORT and Form N-CEN adopted by the SEC will compel firms to disclose how they categorize assets based on liquidity risk and report it³. Recently implemented rules like T+1 require managers to file daily snapshots of their trading, including confirmations, allocations, and affirmations, including time stamps, and P&L.

Transparency and reporting in investment data management

Robust investment data management is a prerequisite to sound risk management, from valuation and stress testing to exception reporting and minimum capital requirements for market risk. Compliance officers that operate with severe data gaps or inefficient data-based workflows may conduct improper risk assessments, saddled with murky visibility into credit facility availability and corresponding liquidity requirements. This puts their firms and investors at risk. As the IMF notes, the private credit boom could present significant market risk to entrants if ambitions are not coupled with a solid foundation of data.

Modernizing data infrastructure to meet regulatory demands

In fiscal year 2025, the SEC says it will continue to encourage investor testing on both existing and proposed disclosures to retail investors and it will advocate for innovative and more investor focused approaches to disclosure⁴. To have any hope of building secure risk controls, fully compliant reporting, and innovative disclosures, most CTOs, CDOs, and CIOs are well aware they need to achieve superior data quality and governance. To do that, they must reimagine the firm's underlying infrastructure. This can be an intimidating proposition.

The CTO's data governance wish list

Next generation financial compliance requires advanced regulatory reporting tools for capital markets to automate document generation and distribution of client, regulatory, and management documents. It requires data management technology that helps firms master datasets of securities, price, positions, and corporate actions information by integrating, aggregating, cleansing, and organizing referential data from multiple systems and sources.

We would suggest that firms take a tact toward a meta-regulation mindset, establishing their own operational processes by "...embedding regulatory objectives within the management and decision-making processes of financial firms"⁵ Only end-to-end data infrastructure built specifically for the timely needs of managers can approach this standard.

Some platforms do just that, delivering automated reporting and compliance through a single source of truth. This regulatory technology harmonizes massive volumes of data and modernizes inefficient disparate systems, empowering firms to generate innovative disclosures and reporting from intricate, modern investment structures.

Key takeaways

• 1.Data governance and quality are essential for regulatory compliance: Effective data management, particularly accurate, clean, and organized data, is critical for financial firms to meet increasingly stringent regulatory reporting requirements.
• 2.Regulatory bodies are increasing their focus on data-driven oversight: Newer regulations such as the revised Form PF and T+1, require more detailed reporting, making robust data management and automation crucial for staying compliant.
• 3.Technological transformation is necessary for compliance and operational success: Financial institutions must invest in modern technology and infrastructure to keep pace with digitalization and regulatory demands, integrating systems, improving data workflows, and enhancing risk management.