SFTR Delegated Reporting – What are the risks for the buy-side?
26 Nov SFTR Delegated Reporting – What are the risks for the buy-side?
The decision to delegate SFT reporting has its appeal for many buy-side firms, especially those who have successfully delegated their EMIR reporting in the past. “If it ain’t broke, don’t fix it” is probably their prevailing view. The decision to continue with delegated reporting may be reinforced by the perception that SFT reporting is considerably more complex than EMIR reporting. However, there are real risks with SFT reporting delegation that firms need to be aware of, based on experiences to date with EMIR and MiFID II.
In a previous Blog (1), we opined that that medium-sized companies who currently delegate their EMIR reporting may want to think again when it comes to delegating their SFT reporting. We identified the key benefits for firms who wished to implement their own reporting system based on a single-platform. In this Blog, we move to the flip-side of this theme, and focus on the real risks companies face with the mechanics of SFTR delegation should they choose to take this path.
The main issue for a firm intending to delegate or outsource their SFT reporting is the need to understand exactly what they are delegating and their responsibilities thereafter. It is not as simple as leaving their counterparty or service-provider ‘to get on with it’, with minimal involvement from the delegator. As has been stressed many times by ESMA and the NCAs, European regulations that require two-sided orders and transactions reporting always makes both counterparties responsible for the accuracy and timeliness of their reported data – this responsibility cannot be delegated.
In their July 2019 Consultation Paper on guidelines for MiFID II compliance function requirements (2), ESMA includes a section on outsourcing. ESMA makes it very clear that :
- Firms can only outsource tasks or functions, but not their responsibilities. Firms wishing to engage in outsourcing remain fully responsible for the tasks that are outsourced.
- The ability to direct and control outsourced tasks must always be retained by the firm initiating the outsourcing.
- The firm should perform a due diligence assessment on their proposed service provider, ensuring that their service provider has the necessary authority, resources, expertise, and access to all relevant data in order to perform the outsourced compliance tasks.
- The service provider should perform the outsourced tasks on an ongoing basis, not just in specific circumstances.
- Firms should monitor the quality and the quantity of the services provided. The firm’s senior management is responsible for supervising and monitoring the outsourced function on an ongoing basis, and should have the necessary resources and expertise to be able to fulfil this responsibility.
The central thrust of ESMA’s guidelines is that delegation through outsourcing means the parallel implementation of some form of oversight mechanism by the delegator over their service provider to ensure this responsibility is met to the level required by the regulations. We believe that at the operational level, if firms who delegate do nothing else, they should at least run regular reconciliation reports to establish that the data held on them by the authorities actually corresponds to what the delegator believes to be the true data.
Although ESMA’s MiFID II Guidelines are of general applicability to other EU regulations allowing delegation and outsourcing of reporting, it is not clear that they are being fully adhered to. We only need to look at the recent experiences of delegated reporting with EMIR to find areas of concern.
Only a few days ago, the CSSF (the Luxembourg financial NCA), issued a press release (3) on the results of a questionnaire sent to investment fund managers (IFM) from which it concluded, “IFM need to improve the supervision and oversight of their EMIR obligations, with a small portion of IFM having potentially significant deficiencies.” The CSSF noticed that in general, the current monitoring and oversight are not compliant with EMIR requirements. So five years after the implementation of EMIR, some NCAs (and ESMA) are still not fully satisfied with the level of oversight carried out by the delegators.
Amongst other issues, the CSSF noted the absence of adequate oversight when a firm delegated its EMIR obligations to another entity. The CSSF reminds each IFM firm that it remains responsible for ensuring that it complies with its EMIR obligations even where it has delegated. Thus the IFM must carry out initial and ongoing due diligence on the delegate to ensure that their EMIR obligations are being met. The IFM and its delegate must clearly establish their respective roles and responsibilities and ensure an adequate, ongoing oversight programme of the delegate by the IFM of the EMIR obligations that they have delegated.
The CSSF stated that it had already contacted IFM to highlight significant deficiencies around EMIR monitoring and oversight that needed improvement, preferably by the end of 2019. To date, the CSSF has mainly focused on the EMIR monitoring and oversight procedures, but warned that it will also act to improve the actual data quality of trades reported to trade repositories.
This is the CSSF talking about just its own jurisdiction – we suspect it is not alone, and the issues it raises are more widespread. We expect more comments from ESMA and other NCAs.
If the CSSF’s experience with EMIR transaction report delegation is anything to go by, this does not auger well for delegated SFT reporting, especially when considering a number of operational points of detail :
- Reconciliation. SFTR reporting is much more complex than EMIR, especially with respect to the reconciliation process. There could be the real risk of a difference in interpretation of the SFTR fields that would lead to inconsistent reporting, poor or no control over reported data, and an active reconciliation process that would prove nigh impossible to execute.
- Risk of double-reporting. As a specific example of point 1, we can envisage a situation where the delegating firm and its service-provider use slightly different trade identifiers, so when the delegating firm checks the trade repository, it cannot find its trades. Consequently, it may initiate an upload of the ‘missing’ ones, leading to further reconciliation problems.
- Reporting re-use of collateral. The reporting process for collateral re-use involves the production and submission of a single aggregated report at the end of day, but this is not possible for any service-provider to produce without having a full view of the books and records of their clients. As the collateral reuse report has no direct one-to-one relation with the underlying transactions but is only related to those, we believe that consistent reporting will also not be feasible.
- Monitoring multiple service-providers. We can easily see the situation where a buy-side firm delegates their reporting to multiple counterparties, custodians and banks. Each service-provider would need monitoring as per the ESMA guidelines, and for the delegating firm would make the compliance oversight process unmanageable.
There is much here for buy-side firms to think about in terms of the risks of delegated reporting. Yes, the delegation of their EMIR reporting may have worked well to date, but for SFTR it may be a step too far. If a buy-side firm is contemplating delegation to multiple entities, then it is also looking at multiple costs of oversight. These may outweigh the cost of implementing a single, platform-based system to support self-reporting.
- deltaconX “SFT Reporting – Have medium-sized companies reached a fork in the road?” October 2019
- ESMA Consultation Paper “Guidelines on certain aspects of the MiFID II compliance function requirements” 15 July 2019 ESMA35-43-2019
- CSSF Press Release 19/49 COMMUNICATION REGARDING THE RESULTS OF THE 2018 EMIR IFM QUESTIONNAIRE Luxembourg October 14th 2019
For more information on how deltaconX can advise you on your SFTR decision to adopt delegated or self-reporting, and on the implications of this decision for your business, please contact us at firstname.lastname@example.org.