When failings in transaction reporting systems and controls creates more than a financial headache

When failings in transaction reporting systems and controls creates more than a financial headache

When failings in transaction reporting systems and controls creates more than a financial headache

Bernadine Reese and Stuart Campbell in our London office discuss the approach of the Financial Conduct Authority (the FCA) to transaction reporting and their recent fines in this area as well as raise some questions and points for risk leaders to consider

Transaction Reporting is a key operational compliance process common to institutions involved in securities and derivatives trading. Most typically its core requirements involve identifying and reporting to the relevant regulator what securities and derivatives transactions have been carried out, on what markets, at what price, in what quantity and with whom. Importantly, it affects those institutions in the UK, across Europe and also outside Europe where local financial regulators have broadly similar requirements/objectives. Financial regulators use the information from transaction reports for monitoring for market abuse, firm and market supervision and for sharing with certain external parties, such as in the UK with the Bank of England.

The rules governing Transaction Reporting in the UK and the rest of Europe significantly changed in January 2018 on implementation of what is colloquially referred to as “MiFID II”, with the broadening of what types of instruments institutions are in scope of reporting and the number of data points to be captured and reported. Scope and data requirements are complex and in my view often not helped by interpretation issues.

This combination places significant strain on front and back office systems, processes and data that are typically highly fragmented.

In the UK, the FCA has a consistent track record in penalising non-compliance, with a particular emphasis on systems & controls and oversight as well as the quality of reporting. Listed below is a record of published Transaction Reporting fines by the FCA and a summary of the rationale – including two issued in March 2019.  

In order to ensure compliance with Transaction Reporting requirements, risk and operations leaders in institutions need to consider not only the accuracy, completeness and timeliness of their reporting, but also the quality of the Transaction Reporting internal control framework. Compliance should not be viewed as a tick-box exercise.  

Because the data driving Transaction Reporting flows across multiple governance structures and departments, the importance of a solid control environment is paramount. It is all too clear to see that internal weakness in the control environment can and will lead to poor quality of transaction reports and to subsequent regulatory pressure. 

The FCA deliberately did not enforce the MiFID II requirements immediately in order to give the industry time to adjust. Recent fines are a warning by the FCA that they are taking Transaction Reporting very seriously.  

Those functions most exposed to the risks of Transaction Reporting include unsurprisingly Operations, Compliance, and Internal Audit but also those responsible for product control and change and transformation (regulatory, process, data governance).  

Those leaders in institutions in scope of Transaction Reporting requirements are now on notice and need to review their own arrangements. Core questions you should be asking yourself are: 

Points to consider
How is your organisation responding to the root causes underlying the Transaction Reporting problems set out in the fine?
- Who is responding and mobilising efforts? 
- What scope of review/assessment is anticipated and timelines is being considered? 
- In considering the fine, have you also considered reporting under EMIR and SFTR (due to be implemented in 2020) 
How do you know the those issues are not also relevant to your organisation?    
- Who is/what roles are engaged across the 3 lines of defence? 
- What additional skills and resource needs are required? 
What positive assurance is there from work done by Compliance, Risk and Internal Audit (or a third party) that your organisation complies with Transaction Reporting requirements? 
- What MiFID II post-implementation review / assurance was provided? 
- What issues and findings arose? 
- Is there a programme of work to address findings?  
- What control framework is in place that governs your organisation’s transaction reporting arrangements and provides the basis for demonstrating appropriate control?
How has your organisation anticipated changes required to Transaction Reporting that arise from the various BREXIT scenarios

- How far advanced are any plans to implement changes? 
- Who is responsible for changes? 
- What level of assurance is there that the organisation is well placed – what gives you that assurance?

Final thoughts

As an aside, there are also complex BREXIT implications that vary depending on the outcome of the current negotiations and the basis upon which the UK leaves the European Union. Additionally, whilst reviewing processes, it might be expedient to consider other regulatory reporting requirements such as EMIR and also SFTR (when it takes effect in 2020).  

With Operational Resilience being a topical issue, it would be sensible to ensure Operational Resilience programmes consider the criticality of regulatory reporting which relies on systems and often third party relationships.

Historic FCA fines relating to transaction reporting (source: FCA.org)

Investment firm fined  
GSI has been fined £34.3million for failing to provide accurate and timely reporting relating to 220.2 million transaction reports between November 2007 and March 2017


UBS is fined £27.6million for failings relating to 135.8 million transaction reports between November 2007 and May 2017.


MLI is fined £13.2million for failing to report and incorrectly reporting transactions. The fine reflects MLI’s failure to address the root causes over several years.


The London branch of Deutsche Bank AG is fined £4.7 million for failing to accurately report all of its Equity Swap CFD transaction reports.


RBS is fined £5.6 million for failing to report 37% of their relevant transactions and breaching their requirement to have adequate management controls.


James Sharp is fined £49,000 for failing to report any of its reportable transactions.
Plus500UK is fined £205,128 for failing to report and failing to report accurate. The firm did not have appropriate systems and controls, documented procedures or appropriate training for staff.

Ready to work with us?

Bernadine Reese
Bernadine Reese
Managing Director
Stuart Campbell
Stuart Campbell