Regulatory reporting… Whose problem is it anyway?

By Synthesis Director of Integration and Products, Steyn Basson

When I was a teenager I loved to read. I still do, but an abundance of audio-books, on-demand television shows, podcasts, and general work means I don’t get to do it as often as I used to. One of the main reasons I loved reading, was because of (amongst others) an amazing writer called Douglas Adams. He let me in on little inside jokes and ideas that I was blind to before, but which I suddenly started noticing everywhere (see “Baader-Meinhof phenomenon” for more details).

Amongst this treasure trove of information and mind-blowing nuggets, one concept has probably stuck with me longer and changed me more than any other: The concept of SEP.

What is SEP? Simply put, SEP means that if something strange is going on, which a lot of people could be noticing at the same time as you, you don’t necessarily want to be the one to stick up your hand. What if you’re wrong? After all, nobody ever got locked away for NOT pointing out the pink elephant in a tutu in the room.

SEP is also the idea that if there is something difficult that has to be done, and lots of people that can do it, you don’t want to be the first to volunteer. What if you now become responsible for this complex engagement and you fail? What if you become the scapegoat? Not to mention the time commitments and the like that might follow if you do volunteer.

SEP is short for “Somebody Else’s Problem”, and it is one of the most amazing cloaking technologies in existence. The obvious (but unlikely or complex) becomes invisible if protected by SEP. SEP is also the reason you are probably more likely to get help when suffering an injury on a road where there is only one other person that can help, as opposed to in a crowded street.

I have found SEP all around me growing up; from everybody suddenly intently studying the windows, lights, floor and everything in between when being asked to volunteer an answer in class, to critical (but tricky) projects struggling to get approval because no one wants to be the one that flagged a project to go ahead if it involves the risk of failing.

The most recent place I have found SEP is in the regulatory reporting space. It is an area that is especially prone to it, mainly due to this being an area with complex requirements, very little chance of praise if you do get it right, a (perceived) lack of value-add to your business (after all, safety belts and airbags add no value to your car – until you need them), and a very high probability of getting blamed if you get it wrong.

Failure to take ownership in turn causes easily controllable situations to explode into full-blown emergencies; it leads to finger-pointing and blame games; and maybe most importantly, it leads to penalties and other real-world consequences that could have been avoided.

I have primarily seen this fear/lack of ownership raise its head up in three separate areas:

  • Area of expertise
  • Area of focus
  • Layer of seniority

Area of expertise:

Where should regulatory reporting live? Is it an IT function, or is it a business function? On the one hand, the reporting formats are often quite complex and need to be perfectly formed and make use of the right protocols or it will fail, after which you are presented with (human) unreadable error files. On the other hand, knowledge of your client and a full understanding of what is acceptable from a compliance and legal angle is critical when performing regulatory reporting. Meaning you need a balance of understanding the business and understanding the IT side. More often than not it is easier to point at the other “team” when the question of where this function resides comes up.

A focus on a single area often leads to a sense of apathy (SEP) by the other area, who then fails to respond appropriately and/or timeously when key responses are required.

Area of focus:

Is regulatory reporting a compliance function, or is it something that is intrinsically part of the business that it supports? For example, should SARS tax reporting live under the Compliance team’s umbrella, or under the Tax team’s umbrella? How about SARB reporting? Compliance or payments?

We have seen organisations struggle with this question, with some moving reporting around on an annual basis. When it lives in the compliance space, some nuances are often missed (e.g. tax or payment specific considerations which SMEs in the relevant spaces have picked up expertise on over a number of years). When it lives in the business area itself it often falls outside of the strict controls and regulations that are put in place in compliance and other areas (and are sometimes treated as a grudge afterthought).

Although maybe less of a SEP problem than the previous example, the lack of full insight/understanding in either area means that there is a reluctance to take full ownership.

Layers of seniority:

A final area where we sometimes see ownership/insight struggles relate to seniority. In general, we often see a separation between the (lower seniority) person (referred to from here on in as the “submitter”) performing the actual submission and the (higher seniority) person (referred to from here on in as the “owner”) who is ultimately responsible for the submission. As the layers of abstraction increase between these individuals, so do the potential problems.

At times this is a classic case of SEP (somebody is taking care of it, it’s better if I stand back and stay out of it – plausible deniability if you will), but sometimes this is just a communication problem. I sometimes liken this to the broken telephone effect. Imagine there are two layers between the submitter and the owner (call them person 1 and person 2). The following could be a typical status update flow after project closeout:

  • Submitter to person 1: This season was insane, with many late nights, broken data all over the place – at the pace our business is growing, we will be in trouble next year if we follow the same approach – we need to do it better next season or I will resign. Regardless, we managed to get it done at 11:50 PM last night.
  • Person 1 to person 2: Good news, we managed to get over the line – there are some team concerns, but nothing major.
  • Person 2 to owner: Excellent news! We reported on time again! The process is working!

How do we solve for all of this?

Very often SEP attitudes are due to uncertainty on what exactly is going on, and not feeling like you are empowered to resolve issues. To be successful, you must ensure that:

  • There is transparency and insight at all stages of the reporting process, regardless of which area and/or layer of the organisation requires the insight.
  • Individuals are able to provide their input and take ownership of areas where they are best equipped to provide value.

For example, in the “area of expertise” case, making sure that business has a clear view of the data that is relevant to them (as opposed to being ambushed by a storm of irrelevant data), and ensuring they have the tools to allow them to validate and clean/correct data in an expedient way, while giving them clear insight into the quality and impact that their processing activities has on the data, ensures they are set up for success.

The IT team in turn needs to have the confidence that the data they received has passed approval by business and is ready to be submitted. If any technical issues arise, then they should be equipped with tools and reports that give them insight into the failure causes, and mechanisms that allow for them to resolve issues.

Similar processes apply in each of the other cases, where ensuring proper insight into data and access to the right tools allow teams to be set up for success.

All this means that the right actions can be taken by the right people at the right time. Which leads to fewer emergencies and late nights. And maybe, just maybe, some time to read.