On Thursday 7 November, the UK's Financial Conduct Authority (FCA) published the 81^st edition of Market Watch, its newsletter on market conduct and transaction reporting issues. In the edition, the FCA outlines observations from its supervision of the UK MiFID transaction reporting regime. This includes the FCA’s assessment of findings from skilled person reviews issued under section 166 FSMA to address transaction reporting failings.

The FCA finds that reporting issues are often caused by weaknesses in change management; reporting process and logic design; data governance; control framework; and governance, oversight and resourcing. The FCA’s comments on each theme is provided below.

i. Change Management

• Change management activities help firms to manage change and include business analysis, systems and data mapping, development of new business and functional requirements and implementation of new reporting systems, including pre- and post-deployment testing and sign-off.
• Data quality issues often coincide with system or process related change such as incorrectly sourcing information from clearing systems, leading to discrepancies in RTS 22 field 28 (trading date time), among other fields. 
• Insufficient change related documentation, including records of key decisions, can create knowledge gaps and result in complexity for firms when they are later required to remediate data quality issues, including back reporting.
• Data quality issues can emerge where change processes are outsourced to third parties and there is inadequate oversight over the scope of deliverables. This can be worsened by the absence of transaction reporting subject matter expertise within the firm. 
• Inadequate management information may reduce a firm’s ability to monitor progress while managing regulatory change risk.  
• Staff turnover and absences can affect data quality such as failure to report transactions where key staff dependencies exist and absence of clear policies and procedures to manage reporting in a staff’s absence.

ii. Reporting Process and Logic Design

• Reporting processes and logic design documents should evidence how reporting processes have been designed to meet business and functional requirements.
• Interpreting regulatory requirements and developing reporting logic independently from the firm's business context can result in misreporting such as populating RTS 22 field 36 (venue) with a trading venue market identifier code when reporting as a DEA user. The FCA reminds firms of the requirements in Article 22(2)(b) of the MiFID Org Regs. 
• Lack of clarity in implementing the transaction reporting process can result in ad-hoc resource assignment and unclear deliverables. This can result in manual processes that lead to late reporting, backlogs in exception management and difficulties when transaction reports need to be cancelled and amended. 

iii. Data Governance

• Disconnects between data management and regulatory reporting can result in misreporting.
• Data dictionaries and data lineage documents should show how data elements are used and, if applicable, transformed.
• Gathering data from various sources for use in transaction reporting process can result in fragmented data owners, access, maintenance and storage, which increases the likelihood of errors and creates procedural inefficiencies. 
• The FCA has seen: encrypted data flowing into transaction reports from systems that hold personal information, resulting in pseudonymised national identifiers being misused in fields that require natural persons to be identified; incorrect data elements being sourced due to inaccurate mapping or outdated data tables; trading venue transaction identification codes being overridden in RTS 22 field 3 by internal execution identifiers; and inaccurate or invalid legal entity identifiers being sourced from static data tables that do not reconcile with booking confirmations.  
• Inadequate data lineage documentation can undermine the integrity of data used in transaction reports which can result in ineffective data management and data flow breaks.
• Failure to identify source data accurately can adversely affect the effectiveness of reconciliations conducted. For example, by supressing the detection of reporting breaks.
• Incomplete data lineage can cause business flow blind-spots and result in unreported transactions. 
• Poor record keeping can undermine a firm’s ability to audit its records and correct historic transactions where errors are identified. The FCA reminds firms that Article 25(1) of UK MiFIR requires investment firms to keep at disposal of the FCA the relevant data relating to all orders and transactions in financial instruments they have carried out, whether on own account or on behalf of a client, for five years.  
• Inadequate security or change management for personal data can result in unauthorised or untracked data modifications and introduce inaccuracies in transaction reports.  

iv. Control Framework

• Firms must have arrangements to make sure their transaction reports are complete and accurate.
• Understanding a firm’s end-to-end transaction reporting process and its vulnerabilities can direct control placement.  
• Poorly designed reconciliation processes hinder firms from identifying data quality issues, for example by excluding source data or specific data flows. The FCA reminds firms that under Article 15(3) of RTS 22 reconciliations must include front-office records.  
• Conducting reconciliations on specific fields only or on an irregular basis may not be adequate to identify all errors and omissions in transaction reports or meet the requirements of RTS 22. 
• Not reviewing or updating controls when reporting processes evolve may not align with Article 21(5) of the MiFID Org Regs.
• Excluding services and data provided by third parties from control and reconciliation frameworks can create gaps in monitoring and prevent firms from identifying issues originating outside the firm.

v. Governance, Oversight and Resourcing

• Excluding transaction reporting from a firm’s wider risk management framework can result in limited consideration of transaction reporting as an operational, compliance and reputational risk.
• Prioritising financial risk management at the expense of non-financial risk can lead to significant weaknesses in the measurement and management of transaction reporting risk, which may not align with the requirements in Article 23 of the MiFID Org Regs.
• Lack of relevant management information can create a monitoring gap for senior management where transaction reporting risks can crystallise and impede decision making. Similarly, insufficient or inconsistent management information may prevent the board of a firm and other governance bodies from understanding the regulatory and operational risks arising from transaction reporting issues. The FCA reminds firms of the requirements in Article 21(1)(e) of the MiFID Org Regs.  
• Deficient organisational structures where reporting lines, function allocation and responsibilities are not clearly delineated, can result in ineffective oversight of transaction reporting risks and reporting issues, which may not align with the requirements in Article 21(1)(a) of the MiFID Org Regs. 
• Unclear terms of reference across governance bodies can mean relevant persons are unaware of the procedures that apply to the proper discharge of their responsibilities, which may not align with the requirements in Article 21(1)(b) of the MiFID Org Regs. 
• Absence of a formal Compliance Risk Assessment (CRA) process and lack subject matter expertise to provide guidance on transaction reporting issues may not align with the requirements in Article 22(2) of the MiFID Org Regs.  
• A lack of accountability over the transaction reporting process can result in ineffective process assessment, policies and procedures, which may disincentivise a firm from addressing emerging deficiencies. This may not align with the requirements in Article 25(1) of the MiFID Org Regs.  
• Insufficiently resourced transaction reporting functions can result in operational flaws, such as not managing exceptions and report transactions on time, unnecessarily prolonged delivery of remedial work and back reporting and delayed implementation of regulatory change.

If you have any questions on the newsletter, please contact Aniqah Rao.