Although reconciliation of the key terms has been a best practice for over-the-counter derivative trades for some time (particularly with collateralised trades), the scale of the reconciliation exercise imposed by forthcoming regulations in the EU and U.S. has caused many market participants to undertake a fundamental review of the systems and processes in place. For many, compliance can only be achieved by utilising a third party for provision of an appropriate technology platform or an end-to-end service. With imminent compliance deadlines and the late development of the requirements themselves, functionality has understandably been the focus of any sourcing process. However, from a supply chain and outsourcing perspective, a key challenge remains the manner in which the financial services-specific regulations are applied to this type of third-party arrangement.
The New Legislation
With the 1 July deadline for compliance with CFTC Rule 23.502 looming and the equivalent EU legislation (in the form of the Commission Delegated Regulation (EU) No. 149/2013) due to come into force on 15 September, OTC market participants are bracing themselves for major changes to the way they perform portfolio reconciliation in relation to non-cleared trades. In fact, it is looking increasingly likely that the deadline will have to be extended by around three months, to allow further time for compliance by the affected institutions.
As a relatively small part of the wider global OTC market regulatory regime proposed following the Pittsburgh G20 summit of September 2009, the new portfolio reconciliation requirements have been introduced to address a perceived lack of risk management and control as a result of the failure of OTC trade counterparties to identify and resolve valuation differences and the underlying causes of these differences. Both ESMA (acting under the European Markets Infrastructure Regulation) and the CFTC (acting under powers granted by the Dodd-Frank Act) have implemented distinct, but broadly similar requirements. Table 1 below provides a comparison of the key features of the U.S. and EU regulations:
Impact of the New Legislation
The requirement for both counterparties to reconcile all non-cleared trades, including those which are not collateralised, will significantly increase the volume of reconciliations to be performed. The direct impact of this requirement is two-fold. First, as a smaller financial institution or non-financial company the new obligation to reconcile will result in greater requirements to provide data both in terms of volume and compliance with a converging market approach. Second, as a financial institution that meets the clearing criteria, there may be an opportunity to perform reconciliations on behalf of smaller counterparties, with only data input received from the counterparty; however, whether this will be acceptable from a regulatory perspective (in terms of compliance by the smaller counterparty) is still being considered.
A further impact is the potential increase in the number of data points to be reconciled. In Europe the impact is to be determined; however, there could be nearly 60 core data points that need to be reconciled. This is expected to have an exponential impact on the number of breaks identified. To add to this, the divergence of requirements between classes of counterparty will mean that additional reference data identifying a counterparty’s status for the purposes of the reconciliation will need to be applied (and maintained) and mechanisms introduced to monitor compliance with the thresholds and timetables within which outstanding breaks must be notified to a regulator.
The market has acknowledged that a standardised approach to the reconciliation process is key to minimising the additional compliance effort. In many cases this has led to a strategic decision to move to the use of a third party reconciliation tool to provide the necessary functionality (and avoid the prospect of the parties wasting time and effort “reconciling the reconciliations”).
Implementation Challenges and Approach
Ensuring compliance with ESMA’s rules on portfolio reconciliation and dispute resolution ultimately boils down to implementing (or procuring from a third party) a system that comprises both a technology platform (for the reconciliation) and a process (for the post-reconciliation dispute resolution). A number of options, considered below, present themselves as to which elements of the overall system a firm would seek to implement itself or alternatively procure from a third party.
Portfolio reconciliation is not new; many institutions will already have sophisticated functions in place and a number of third-party suppliers market highly developed systems and processes for performing the analysis and, in some cases, facilitating the resolution of discrepancies. Some of these services may already be provided to institutions, such as hedge funds, by asset-servicing providers as part of wider collateral management solutions.
However, even if an institution with a large portfolio has its own or a third-party system and has historically managed the process entirely in-house, the impact of the new regulations may result in it seeking to move to a more standard platform, as the market converges. It may also need to significantly increase the size of a previously smaller team managing disputes or seek further services from its asset-servicing provider.
Certain institutions are anticipating an up to four- or five-fold increase in the size of their reconciliation and dispute resolution teams. This may well impact on how an institution views its options to source some or all of the system from a third party. The usual drivers of cost such as headcount and building teams away from core competencies may make a third-party option more attractive.
An institution with its own reconciliation platform, and preferring to perform reconciliations in-house, will, in most cases, need to undertake redesign in order to ensure compliance. For most institutions, however, a move to using one of the now market-standard reconciliation platforms is more likely. This has the benefit of limiting disputes as to the veracity of the breaks (as opposed to the detail of the break itself); independent platforms generate breaks as a result of the non-standard way in which they collect and present data for the reconciliation.
The major financial institutions are proceeding on the basis that their entire portfolio will be reconciled and as such the related migration effort, to move existing portfolios to a new platform, requires careful planning, with a first step being to understand how existing data sets can be reconfigured to the new data fields. The discrepancies between fields will need to be addressed by certain rules which determine how the data is reconfigured. Additionally from existing systems it will be necessary to migrate or extract data which allows the number of swaps per counterparty and the counterparty class to be determined. Inevitably, a level of manual effort is always required for data migration exercises and it is anticipated that institutions will require a spike in resource effort.
The benefit of harmonising the data fields is that it will allow greater automation in terms of matching the underlying trades. However, there is a challenge in the short term for all market participants to comply with the regulations through automated matching, given the current discrepancies between data fields and the manual attach-a-document-to-an-email approach taken with many trade reconciliations. A third-party platform can assist to short-circuit these issues, as it is possible for the platform to normalise data provided by independent systems, and then perform the reconciliation after the normalisation.
Any system will need to include reporting functionality that will allow the generation of internal management information and data required by the regulator. Again, this is likely to be a change from the current practice of many market participants but should be specified as a requirement (whether developed in-house or externally procured) with any reconciliation platform.
Another major resource impact the regulations have is on the requirements for resolving disputes. The additional breaks from the reconciliation process will throw up more items for dispute, which if not resolved within a specified timetable, will require escalation to a regulator.
Third-party technology platforms have offered dispute identification and communication pathways to counterparties, and through an end-to-end collateral management solution, an asset service provider can offer resources to actually manage the dispute from commencement to resolution. The dispute resolution process will require, with input from risk and legal functions, a script and process flow to resolution with individually identified steps. Each step will need to comply with the regulations (for example, in terms of timescales) but also the firms’ internal risk policies and mandates.
A firm might also identify a need for a third-party system to manage the disputes process flow, which brings benefits of automation, increased control, defined audit trail and risk management.
Use of Third Parties – Risk and Regulations
The market standard for reconciliation engines is via secure file transfer protocol, whereby data relating to trades is made available to, and hosted by, the third party. The characteristics of third-party data transfer and hosting bring regulatory implications, which may not be immediately apparent to procurement teams or implementation teams given that this type of arrangement, is to a large degree viewed as a “commoditised” service.
Data security is clearly one of the fundamental concerns regarding a third-party solution. Any utilisation of a system which is hosted by a third party, or a process which requires the third party to have access to data which relates to counterparty trades, will require scrutiny by any institution, and especially financial institutions. In the UK, any institution regulated by the Prudential Regulatory Authority and the Financial Conduct Authority will need to consider the systems and controls requirements and the overarching principles set out in the combined FCS and PRA Handbook.
Due diligence regarding the technology standards employed by the third party, its security policy (including compliance with standards such as ISO27001), business continuity arrangements, and personal data processing undertakings, would all be necessary, at a minimum, as part of an agreement with a third-party technology platform provider. At the same time, institutions need to keep in mind their own regulatory obligations and how they will continue to comply with the same, e.g., whether their compliance with data retention obligations resides with the retained function or forms part of the service provided by the third party. The institution must also ensure that it addresses the risk inherent in providing a third party with full view of an institution’s entire portfolio, by using multiple providers, retaining some capability in-house or by contractual risk allocation methods.
The international element of many of the trades, where data is now being exported from far-flung jurisdictions, may also result in legal compliance issues that the institution will need to resolve.
An important further issue is that any financial institution will need to consider the application of the FCA Handbook to a third-party solution and/or service. The Handbook rules under SYSC8 apply to any arrangement with a third party, with absolute compliance required if the arrangement constitutes a “material outsourcing”, and proportionate compliance required for non-material outsourcings. For example, a distinction is typically drawn between the utilisation of a technology platform (likely to be non-material) as compared to using a collateral management service which may form part of a broader middle-office or back-office arrangement with a third party (more likely material). In terms of proportionate compliance, the more important Handbook rules that need to be applied are in areas such as reporting, audit, cooperation with the regulator, etc., all of which need to be documented as part of the outsourcing agreement that will be entered into. Our experience is that there is a lack of understanding that these rules apply to this type of arrangement, at a time of an increasingly active (in this area) regulator, and at a time when there are more services of this type (that is, software as a service, commoditised-style arrangements) coming to the regulator’s attention. This should raise concerns about ensuring the appropriate contractual controls and mechanisms are included in any third-party arrangement.
The relatively short implementation timetable, not least as a result of the delays in clarifying the scope of the requirements, may lead affected parties into a rush to change the way they source and manage their reconciliation services. Given the regulatory framework and the options available, a considered approach and targeted outcome is required, cognisant of the entire regulatory framework.