The cost of regulatory reporting

A collaborative article by Chartis and Regnology.

This is the first in a series of Point of View articles from Chartis and Regnology that explore the cost of complying with regulatory reporting requirements, and the context in which regulatory reporting is evolving. This article highlights financial institutions’ regulatory reporting obligations and challenges, and offers a framework they can use to assess both the cost of compliance and of upgrading their systems to facilitate it.

Context: the regulatory reporting landscape

The regulatory reporting landscape for financial institutions is evolving. The volume and complexity of financial regulations have increased, putting pressure on firms to monitor and report a range of exposures and comply with different regulatory requirements. Major change is also happening following the failures of Credit Suisse and Silicon Valley Bank because of liquidity-related issues.

Prior to these failures, regulatory reporting requirements were already burdensome for financial institutions. But firms are facing newer requirements that are necessitating investment in solutions for end-to-end regulatory monitoring and reporting, to ensure the healthy functioning of organizations (see Figure 1).

Key challenges for financial institutions

Financial institutions face different regulatory reporting challenges based on several business and operational factors (see Figure 2), including:

  • Size.
  • Business lines.
  • Types of reporting.
  • Existing infrastructure.
  • The systems and tools they use.
  • The number of skilled or expert resources they deploy in the reporting value chain.

The main challenges they face include:

  • Ever more regulations. Regulations have been adapted to meet the challenges linked to recent banking failures and instability in the financial markets. But complying with these and such major regulatory initiatives as the Fundamental Review of the Trading Book (FRTB), Basel IV, the Securities Financing Transaction Regulation (SFTR), the Sustainable Finance Disclosure Regulation (SFDR) and environmental, social and governance (ESG) and climate risk reporting presents considerable challenges.
  • The need for real-time reactivity is increasing, to help firms keep their information up-to-date so they can stay on top of challenging reporting requirements and impacts to their investments and credit lines. This reactivity also allows regulators to review data in real time.
  • There is a growing need for more granularity in reporting so firms can make the best possible business decisions and regulators can monitor more detailed data.
  • Liquidity challenges. The unstable economic state of many countries following the COVID-19 pandemic has made it difficult for banks to maintain adequate liquidity. Most banks in the US have been exempt from Basel-style liquidity risk measures (such as the net stable funding ratio [NSFR] and the liquidity coverage ratio [LCR]), but we expect to see liquidity risk controls expand to include them. By definition, liquidity risk controls tend to be highly focused on data and integration and often require banks to extract data from a variety of systems so they can perform intermediate aggregations and calculations (often using spreadsheets). Regulators in many countries now mandate liquidity risk requirements that include adequate liquidity provisioning and stress testing.
  • Data and data management are still among the biggest challenges financial institutions face. It is often a struggle to gather ample and accurate data that meets the standards of real-time granularity while maintaining a solution that can be integrated easily. But this is necessary given the current fiscal environment and its associated regulatory requirements.

To address these challenges, financial institutions require a coordinated approach that combines effective data management practices, robust IT infrastructure and continuous monitoring and updating of regulatory compliance processes.

The cost of compliance – and non-compliance

Over the past decade, compliance costs have risen significantly compared to levels before the 2008 financial crisis, especially in retail and corporate banks. This increase is due to several factors, including heightened regulatory expectations and enforcement, globalization and pressure on firms from policymakers, regulators and shareholders to meet and ensure the effectiveness of their compliance measures (see Figure 3).

The cost of compliance

The cost of regulatory reporting compliance can have a significant impact on an organization’s financials and operations, particularly in industries (like finance) with more stringent regulations. These costs cover several different elements of the business and its operations:

  • Regulatory complexity. Different regions may have different regulations – organizations with a high volume of transactions will incur greater costs because of the increased effort required to track, analyze and report on them accurately.
  • More investment in robust regulatory reporting software and infrastructure. This can reduce costs in the long term by automating processes and ensuring accuracy, but initial setup costs can be high.
  • Skilled personnel with expertise in regulatory compliance are essential but can be costly, as can training staff to stay abreast of evolving regulations.
  • Effective data management practices and systems can help to ensure vital data accuracy, integrity and security, but can be costly.
  • Regular audits and reviews to ensure compliance add to the overall cost.
  • Legal and consulting services to interpret regulations, provide guidance on compliance strategies or assist with audits add to the cost.
  • Integration with existing systems can increase costs, especially if modifications or upgrades are needed.
  • Scalability and flexibility can affect the cost of regulatory reporting systems and processes.

The cost of non-compliance

While the cost of complying with regulatory reporting requirements can be high, the cost of non-compliance can be significantly higher. Crucially, the total cost of non-compliance can extend beyond immediate financial penalties, with long-term implications for a company’s financial health and strategic position. These costs can arise from several sources, including the following:

  • Regulatory bodies can impose substantial fines and penalties on companies that fail to comply with reporting requirements. These can amount to millions or even billions of dollars in some cases, depending on the regulation, the severity of the non-compliance and the jurisdiction.
  • Legal battles and litigation can mean expensive legal fees, settlements and judgments. Legal proceedings can also be time-consuming, diverting resources from other business operations.
  • Reputational damage for non-compliant companies can lead to a loss of customer trust, decreased investor confidence and even lost business. The impact on a company’s brand and market position can be significant and long-lasting.
  • Operational disruptions caused by regulatory investigations and having to rectify non-compliance issues can lead to inefficiencies, lost revenue and additional costs.
  • Non-compliant companies may be subjected to increased regulatory scrutiny and oversight in the future, leading to higher ongoing compliance costs.
  • Non-compliance can affect a company’s ability to secure financing or increase the cost of insurance premiums, as lenders and insurers may view the company as being a higher risk.
  • Dealing with the consequences of non-compliance can consume significant management time and focus and may lead to such employee-related issues as demoralization, high turnover and recruitment difficulties.

Achieving cost-effective compliance

Financial institutions have struggled to find the right strategic solutions to help them stay abreast of increasing regulation and the need for compliance. Some are still using technologies they deployed after the 2008 financial crisis, choosing to invest to keep up with current standards and increasing their overall compliance costs in the process. Emerging regulatory technology (RegTech) solutions can help firms meet their obligations, easing their burden by streamlining costly manual and labor-intensive tasks, and making it easier and cheaper for financial institutions to comply.

An integrated RegTech platform approach

RegTech uses digital technologies to enhance elements of the regulatory reporting workflow (such as monitoring, compliance and reporting itself), making the process more robust and economical by standardizing and automating many manual activities. These technologies can be expensive, however, especially if deployed on a stand-alone basis. To add value and provide maximum benefit, RegTech must be part of an integrated risk and finance architecture.

Fortunately, financial institutions looking to invest in more up-to-date and cost-effective regulatory technologies now have access to a market that has expanded across geographies, and which contains specialty products for almost any system type. To help narrow down their choice to the best systems, firms have three major considerations:

  • Choosing the right operational system.
  • Determining the utilities required.
  • Reconciling complexity and cost, bearing in mind that greater complexity means higher cost.

To address the first two considerations, RegTech solutions should offer platform capabilities, coverage of regulatory calculations and the ability to generate and submit reports to regulators. These capabilities are summarized in Figure 4 and Table 1.

Data modeling: IRef

IReF objective. The Integrated Reporting Framework (IReF), an initiative by the European Central Bank (ECB), has a clear objective: to streamline banks’ statistical reporting processes across the Eurozone. This initiative will merge several reports into one and ensure complementary practices among national central banks. Under IReF, banks would provide the ECB with more granular data, and the ECB (along with the central banks) would then have complete independence to develop the relevant statistical indicators.

Timelines. Banks operating in the Eurozone from 2027 will be required to deliver significantly more data points to the ECB compared with their existing statistical/supervisory reporting requirements (which will be replaced by IReF). Initially, the scope of replacement will cover balance sheet items (BSI), monetary interest rates (MIR), securities holding statistics (SHSS), analytical credit (AnaCredit) datasets, balance of payments (BoP) and financial reporting (FINREP). With a go-live timeline of 2027, banks are expected to be test-run ready by the second half of 2026; most banks will start working on the IReF reporting framework from early 2025 onwards.

Cost impacts. To be compliant with the IReF requirements, banks need to factor in three main costs:

  • Parallel run costs. As per the current published timeline, banks will be required to do a six-month test with live data in H2 2026, followed by a two-year parallel run from 2027-28. This could result in a doubling of infrastructure, application and resource costs.
  • Data management. Banks will be required to source large amounts of data at an unprecedented level of granularity, potentially changing institutions’ interfaces with upstream systems. Moreover, data quality checks and validations will be more complex, as banks will be required to reconcile their general ledger numbers with the underlying granular data. Nonetheless, requirements around data lineage and governance will be equally important in terms of regulatory audits. Banks will likely have to invest in a strategic platform that can handle the complex data management process while also providing the flexibility needed to consolidate granular risk and finance data.
  • Automation and technology upgrades. A massive increase in data volumes means that banks will have to validate their existing infrastructure and invest in technologies to automate the reporting workflow process. They will also have to invest in cloud infrastructures to collect and process the granular data required from various upstream systems.

A framework for success

As regulations have continued to proliferate, most firms acknowledge that they must not merely comply with current regulations but also budget for future ones. For financial institutions, much of the answer lies in being able to pinpoint exactly where their compliance costs sit across technology, processes, people and operations. We believe that high-performing firms will be able to implement the right organizational mechanisms to optimize their total cost of compliance and take a vital step toward achieving efficient and cost-effective compliance.

To help them address their challenges, Chartis and Regnology have devised a cost-attribution framework that firms can use when calculating their cost of regulatory reporting compliance. It takes into account upgrades to their legacy systems and investments in efficient RegTech solutions (see Figure 5 and Table 2). The exact nature of this framework will depend on the type of institution, its size and the different business lines and geographies in which it operates.

Looking ahead

In the forthcoming articles in this series, we will discuss a comparative study that analyzes the pros and cons of in-house vs. outsourced approaches to risk and regulatory reporting. We will assess the risks associated with maintaining legacy systems and the potential benefits of adopting modernized approaches, and will examine various delivery models for risk and regulatory reporting. These include on-premises, managed services and cloud solutions (private/hybrid/public) across the different types and sizes of financial institution.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a Chartis account, please register for an account.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here.