UBS’s record £27.6 million fine for Markets in Financial Instruments Directive I (MiFID I) transaction reporting errors clearly demonstrates the struggle financial services firms are having with technology change management and their failure to embrace quality assurance and effectiveness testing for regulatory reporting.
Even though this mammoth fine — first reported by Thomson Reuters Regulatory Intelligence in 2015 — was for MiFID I mistakes, firms should not write it off as a legacy issue. MiFID II reporting is more complicated, covers more financial instruments and comprises more fields. That complexity increases firms’ opportunities for mistakes and errors, and fines like UBS’s clearly illustrate how costly those mistakes can be.
UK firms in the midst of Brexit-related transaction reporting systems change programs should be particularly careful. Firms could be introducing errors into their systems inadvertently during the change programs or compounding errors caused by the shift from MiFID I to MiFID II reporting.
The UK’s Financial Conduct Authority (FCA) indicated it will exercise a certain amount of Brexit-related forbearance. However, financial firms really ought to be using this time to check systems carefully for change-management-caused errors; and they should also introduce quality assurance programs to ensure accurate and timely reporting.
Unpacking the UBS Fine
The UBS fine, announced by the FCA on March 18, is for over- and under-reporting transactions, mistakes in reports, as well as systems and control failures related to 135.8 million transaction reports over a 10-year period between 2007 and 2017.
It took more than four years for the FCA’s final notice and fine to be published, in part because when UBS’s problems were uncovered in 2014 it took until 2017 to put their systems right. In the meantime, the bank was making further reporting errors and increasing its eventual fine in the process. The FCA traced UBS’s problems all the way back to 2007 when it went live with its MiFID I transaction reporting system, Target Operating Model (TOM). It was supposed to have been designed and built to improve upon its previous system after lessons learned from a 2006 internal audit commissioned after UBS’s wealth management unit incurred a fine in 2005.
After deployment in 2007 TOM’s performance was audited an additional three times (2008, 2012-‘13, and 2016) in which the bank identified 135.8 million absent, inaccurate, or erroneous transaction reports.
The FCA says these were the result of 42 errors of which there were three main root causes and some errors arising due to a combination of these causes:
- errors in UBS’s systems, IT logic and/or reporting processes;
- weaknesses in change management controls; and
- weaknesses in controls around the maintenance of static data.
It took until May 24, 2017 to fix the issues which started in 2007. That’s a fine 10 years in the making — not to mention all the IT, audit and external advisory and consulting costs incurred.
Good News, Bad News
The good news for firms is that since MiFID I went live in 2007, a number of tech companies began offering quality assurance assistance to check reporting systems for problems and reports for mistakes. So, there is help out there if firms are willing to pay for it.
The bad news for firms is twofold. One is the increased complexity in MiFID II reporting. The FCA has already highlighted many mistakes it has found in reports.
Second, is firms’ inability to implement effective change management programs for transaction reporting. Merrill Lynch’s 2017 fine for European Market Infrastructure Regulation trade reporting failures is a case in point. In that case, poor implementation combined with a lack of follow-up on known problems and no quality assurance processes all were blamed for 68.5 million exchange traded derivative transactions going unreported.
That cost Merrill £34.5 million — other financial firms should take note.