Meeting New OTC Swap Reconciliation Rules May Require Better Technology and Processes

by Pillsbury Winthrop Shaw Pittman LLP
Contact

Although reconciliation of the key terms has been a best practice for over-the-counter derivative trades for some time (particularly with collateralised trades), the scale of the reconciliation exercise imposed by forthcoming regulations in the EU and U.S. has caused many market participants to undertake a fundamental review of the systems and processes in place. For many, compliance can only be achieved by utilising a third party for provision of an appropriate technology platform or an end-to-end service. With imminent compliance deadlines and the late development of the requirements themselves, functionality has understandably been the focus of any sourcing process. However, from a supply chain and outsourcing perspective, a key challenge remains the manner in which the financial services-specific regulations are applied to this type of third-party arrangement.

The New Legislation
With the 1 July deadline for compliance with CFTC Rule 23.502 looming and the equivalent EU legislation (in the form of the Commission Delegated Regulation (EU) No. 149/2013) due to come into force on 15 September, OTC market participants are bracing themselves for major changes to the way they perform portfolio reconciliation in relation to non-cleared trades. In fact, it is looking increasingly likely that the deadline will have to be extended by around three months, to allow further time for compliance by the affected institutions.

As a relatively small part of the wider global OTC market regulatory regime proposed following the Pittsburgh G20 summit of September 2009, the new portfolio reconciliation requirements have been introduced to address a perceived lack of risk management and control as a result of the failure of OTC trade counterparties to identify and resolve valuation differences and the underlying causes of these differences. Both ESMA (acting under the European Markets Infrastructure Regulation) and the CFTC (acting under powers granted by the Dodd-Frank Act) have implemented distinct, but broadly similar requirements. Table 1 below provides a comparison of the key features of the U.S. and EU regulations:



Impact of the New Legislation
The requirement for both counterparties to reconcile all non-cleared trades, including those which are not collateralised, will significantly increase the volume of reconciliations to be performed. The direct impact of this requirement is two-fold. First, as a smaller financial institution or non-financial company the new obligation to reconcile will result in greater requirements to provide data both in terms of volume and compliance with a converging market approach. Second, as a financial institution that meets the clearing criteria, there may be an opportunity to perform reconciliations on behalf of smaller counterparties, with only data input received from the counterparty; however, whether this will be acceptable from a regulatory perspective (in terms of compliance by the smaller counterparty) is still being considered.

A further impact is the potential increase in the number of data points to be reconciled. In Europe the impact is to be determined; however, there could be nearly 60 core data points that need to be reconciled. This is expected to have an exponential impact on the number of breaks identified. To add to this, the divergence of requirements between classes of counterparty will mean that additional reference data identifying a counterparty’s status for the purposes of the reconciliation will need to be applied (and maintained) and mechanisms introduced to monitor compliance with the thresholds and timetables within which outstanding breaks must be notified to a regulator.

The market has acknowledged that a standardised approach to the reconciliation process is key to minimising the additional compliance effort. In many cases this has led to a strategic decision to move to the use of a third party reconciliation tool to provide the necessary functionality (and avoid the prospect of the parties wasting time and effort “reconciling the reconciliations”).

Implementation Challenges and Approach
Ensuring compliance with ESMA’s rules on portfolio reconciliation and dispute resolution ultimately boils down to implementing (or procuring from a third party) a system that comprises both a technology platform (for the reconciliation) and a process (for the post-reconciliation dispute resolution). A number of options, considered below, present themselves as to which elements of the overall system a firm would seek to implement itself or alternatively procure from a third party.

Portfolio reconciliation is not new; many institutions will already have sophisticated functions in place and a number of third-party suppliers market highly developed systems and processes for performing the analysis and, in some cases, facilitating the resolution of discrepancies. Some of these services may already be provided to institutions, such as hedge funds, by asset-servicing providers as part of wider collateral management solutions.

However, even if an institution with a large portfolio has its own or a third-party system and has historically managed the process entirely in-house, the impact of the new regulations may result in it seeking to move to a more standard platform, as the market converges. It may also need to significantly increase the size of a previously smaller team managing disputes or seek further services from its asset-servicing provider.

Certain institutions are anticipating an up to four- or five-fold increase in the size of their reconciliation and dispute resolution teams. This may well impact on how an institution views its options to source some or all of the system from a third party. The usual drivers of cost such as headcount and building teams away from core competencies may make a third-party option more attractive.

Technology Platform
An institution with its own reconciliation platform, and preferring to perform reconciliations in-house, will, in most cases, need to undertake redesign in order to ensure compliance. For most institutions, however, a move to using one of the now market-standard reconciliation platforms is more likely. This has the benefit of limiting disputes as to the veracity of the breaks (as opposed to the detail of the break itself); independent platforms generate breaks as a result of the non-standard way in which they collect and present data for the reconciliation.

The major financial institutions are proceeding on the basis that their entire portfolio will be reconciled and as such the related migration effort, to move existing portfolios to a new platform, requires careful planning, with a first step being to understand how existing data sets can be reconfigured to the new data fields. The discrepancies between fields will need to be addressed by certain rules which determine how the data is reconfigured. Additionally from existing systems it will be necessary to migrate or extract data which allows the number of swaps per counterparty and the counterparty class to be determined. Inevitably, a level of manual effort is always required for data migration exercises and it is anticipated that institutions will require a spike in resource effort.

The benefit of harmonising the data fields is that it will allow greater automation in terms of matching the underlying trades. However, there is a challenge in the short term for all market participants to comply with the regulations through automated matching, given the current discrepancies between data fields and the manual attach-a-document-to-an-email approach taken with many trade reconciliations. A third-party platform can assist to short-circuit these issues, as it is possible for the platform to normalise data provided by independent systems, and then perform the reconciliation after the normalisation.

Any system will need to include reporting functionality that will allow the generation of internal management information and data required by the regulator. Again, this is likely to be a change from the current practice of many market participants but should be specified as a requirement (whether developed in-house or externally procured) with any reconciliation platform.

Process
Another major resource impact the regulations have is on the requirements for resolving disputes. The additional breaks from the reconciliation process will throw up more items for dispute, which if not resolved within a specified timetable, will require escalation to a regulator.

Third-party technology platforms have offered dispute identification and communication pathways to counterparties, and through an end-to-end collateral management solution, an asset service provider can offer resources to actually manage the dispute from commencement to resolution. The dispute resolution process will require, with input from risk and legal functions, a script and process flow to resolution with individually identified steps. Each step will need to comply with the regulations (for example, in terms of timescales) but also the firms’ internal risk policies and mandates.

A firm might also identify a need for a third-party system to manage the disputes process flow, which brings benefits of automation, increased control, defined audit trail and risk management.

Use of Third Parties – Risk and Regulations
The market standard for reconciliation engines is via secure file transfer protocol, whereby data relating to trades is made available to, and hosted by, the third party. The characteristics of third-party data transfer and hosting bring regulatory implications, which may not be immediately apparent to procurement teams or implementation teams given that this type of arrangement, is to a large degree viewed as a “commoditised” service.

Data security is clearly one of the fundamental concerns regarding a third-party solution. Any utilisation of a system which is hosted by a third party, or a process which requires the third party to have access to data which relates to counterparty trades, will require scrutiny by any institution, and especially financial institutions. In the UK, any institution regulated by the Prudential Regulatory Authority and the Financial Conduct Authority will need to consider the systems and controls requirements and the overarching principles set out in the combined FCS and PRA Handbook.

Due diligence regarding the technology standards employed by the third party, its security policy (including compliance with standards such as ISO27001), business continuity arrangements, and personal data processing undertakings, would all be necessary, at a minimum, as part of an agreement with a third-party technology platform provider. At the same time, institutions need to keep in mind their own regulatory obligations and how they will continue to comply with the same, e.g., whether their compliance with data retention obligations resides with the retained function or forms part of the service provided by the third party. The institution must also ensure that it addresses the risk inherent in providing a third party with full view of an institution’s entire portfolio, by using multiple providers, retaining some capability in-house or by contractual risk allocation methods.

The international element of many of the trades, where data is now being exported from far-flung jurisdictions, may also result in legal compliance issues that the institution will need to resolve.

An important further issue is that any financial institution will need to consider the application of the FCA Handbook to a third-party solution and/or service. The Handbook rules under SYSC8 apply to any arrangement with a third party, with absolute compliance required if the arrangement constitutes a “material outsourcing”, and proportionate compliance required for non-material outsourcings. For example, a distinction is typically drawn between the utilisation of a technology platform (likely to be non-material) as compared to using a collateral management service which may form part of a broader middle-office or back-office arrangement with a third party (more likely material). In terms of proportionate compliance, the more important Handbook rules that need to be applied are in areas such as reporting, audit, cooperation with the regulator, etc., all of which need to be documented as part of the outsourcing agreement that will be entered into. Our experience is that there is a lack of understanding that these rules apply to this type of arrangement, at a time of an increasingly active (in this area) regulator, and at a time when there are more services of this type (that is, software as a service, commoditised-style arrangements) coming to the regulator’s attention. This should raise concerns about ensuring the appropriate contractual controls and mechanisms are included in any third-party arrangement.

Conclusion
The relatively short implementation timetable, not least as a result of the delays in clarifying the scope of the requirements, may lead affected parties into a rush to change the way they source and manage their reconciliation services. Given the regulatory framework and the options available, a considered approach and targeted outcome is required, cognisant of the entire regulatory framework.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury Winthrop Shaw Pittman LLP | Attorney Advertising

Written by:

Pillsbury Winthrop Shaw Pittman LLP
Contact
more
less

Pillsbury Winthrop Shaw Pittman LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.