Firms subject to MIFIR transaction reporting requirements must pay attention to the FCA’s latest Market Watch. In Market Watch 81, the FCA focuses on the root causes of firms’ failures in transaction reporting and sets out their latest supervisory observations (including from recent section 166 FSMA skilled person reviews).

This is the FCA’s second warning on transaction reporting of late. It follows last year’s Market Watch 74 where the FCA set out its concerns that firms were not paying sufficient attention to its warnings on the importance of complete, accurate and timely transaction reporting. 

The FCA is concerned that there remain data quality issues and that these persist even after the issue has been identified and, allegedly, remediated by a firm. The FCA has determined that the root causes of these issues are weaknesses in the following interlinked areas:   

• Change management: This is where poor change management practices cause issues in firms’ systems and processes for transaction reporting. Change management activities include business analysis, systems and data mapping, development of new business and functional requirements and implementation of new reporting systems, including pre and post-deployment testing and sign-off. The FCA noted a number of poor practices including where firms: did not use business analysis to map out MIFID II requirements; lacked oversight over outsourced change processes; and did not have clear policies and procedures to manage reporting during staff absences.
• Reporting process and logic design: The FCA expects transaction reporting systems to be supported by clear reporting processes and logic design documents. The FCA noted misreporting where firms interpreted regulatory requirements and developed reporting logic independently from the firm's business context. The FCA also flagged the additional risk where input from the first and second lines of defence are limited in the reporting design process. 
• Data governance: Recognising that transaction reporting processes often rely on multiple internal data sources and external feeds, the FCA identified the necessity of effective data governance. The FCA found that a lack of data governance where there is a disconnect between data management and regulatory reporting resulted in misreporting. The FCA emphasised the need for effective data governance to streamline data flows and enrich transaction reports at different points of the end-to-end reporting process. The FCA commented that data dictionaries and data lineage documents should show how data elements are used and, if applicable, transformed.
• Control framework: The FCA reiterated the importance of firms implementing a comprehensive control framework for transaction reports. The FCA emphasised the need for firms to understand this process and its vulnerabilities in order to direct control placement. The FCA observed failings where there were inadequate control frameworks, for example, due to implementing processes which excluded certain data flows or conducting reconciliations on an irregular basis. 
• Governance, oversight and resourcing: The FCA reminded firms of the fundamental importance of governance in managing the transaction reporting process. The FCA noted the following governance failures in particular which resulted in transaction reporting errors: 
  • excluding transaction reporting from a firm’s wider risk management framework; 
  • insufficient management information; 
  • unclear terms of reference across governance bodies causing relevant persons to be unaware of the procedures that apply to the proper discharge of their responsibilities;
  • limited compliance oversight including the absence of a formal compliance risk assessment process and lack of subject matter expertise to provide guidance on transaction reporting issues; 
  • inadequate accountability over the transaction reporting process; and 
  • insufficiently resourced transaction reporting functions.

Firms will need to review the FCA’s findings and assess their own processes against each of these in order to identify any deficiencies in their processes. The FCA has highlighted that the root causes identified are all interlinked. Firms must therefore be careful not to conduct a siloed assessment of each of these areas. We recommend that risk management teams ensure that a holistic review is undertaken. Where any weaknesses are identified, firms must ensure that enhancements made to their processes are implemented comprehensively across the areas highlighted.